
In Search of an Open Source DNS Server

You’d think that in this day and age finding a free and open DNS server would be easy, no? Evidently, not so much. That didn’t keep Roblimo from finding one, however.

Roblimo’s Hideaway

DNS server The Internet's Phone Book

Does it matter whether the DNS server you use is open source? Most of the good ones run proprietary code. But after some tedious shopping and testing, I finally found one that’s open source, community-owned, and (so far, at least) as reliable as its proprietary competitors.

One day Web pages started loading slowly for me. Not just on one computer, but on Linux, Windows, Mac, a Chromebook, and two Android phones. All the devices on my home network were suddenly spending a crazy amount of time displaying things like the FOSS Force front page.

It wasn’t my connection speed. I pay Frontier for 25 Mbps FIOS. I did a fast connection speed test and I was getting 30 down and 30 up. That’s fi

Another problem I’ve had with ISPs over the years is their DNS servers, which can be highly variable in speed, plus there are often privacy issues. And I hate hate hate their “typo penalty,” as I call it, where if you type a character wrong in a URL they shove you onto a bullshit search page instead of leaving the mistyped URL in your search bar so you can correct it.

DNS hijacking by ISPs is a widespread problem. I first ran into it in Maryland, with my first cable modem connection, which was supplied by a company known (not) affectionately as “Comcursed.” Luckily, I had friends in the Computer Science department of nearby UMBC, and they invited me to use the University’s servers and told me how to change DNS settings in my cable modem. This was long enough ago that I believe 4.2.2.2 was the only public DNS server. At least, it was the only one I knew about, and I didn’t really know if a peon like me was supposed to use it.

Anyway, I got away from Comcast’s DNS servers. My Internet service was suddenly more reliable, the sun broke through the clouds, and life was good.

Years of not thinking about DNS servers

In 2000 my wife and I moved from Maryland to Florida. We hooked up with Time-Warner Cable and it was decent. I forgot all about DNS servers. My connection worked. Sure, there was that DNS hijacking thing, but I didn’t mistype domain names often enough that it was a major irritation. We moved (still in Florida), and decided to go with FIOS, then run by Verizon, because it offered far faster upload speeds than a cable connection. And at the time I was making enough videos that upload speed was a concern.

I still gave no thought to DNS. How often do you think about home or small office DNS servers? If you’re a typical, normal American, the answer is probably “never.” You pay the ISP, you hook your stuff up and set up your wireless, and that’s it. Same here.

Until the black day came when I got a sudden slowdown because my ISP’s DNS server was barfing, possibly because technically ept Verizon had sold their Florida FIOS service to inept Frontier.

So I went hunting for an alternate public DNS server. My first thought was Google DNS, partly because their DNS addresses are 8.8.8.8 and 8.8.4.4. Easy to remember. I found the login info for my ISP-supplied router/switch and a few minutes later I was using Google’s DNS servers, which were way more responsive than Frontier’s.

But I’m crazy. Not only am I part of the 5% (at most) of the population that knows or cares about DNS, but I am part of the even smaller crowd that prefers to use open source software whenever possible, and Google DNS is not open source. Their Public DNS FAQ says, “At this time, there are no plans to open source Google Public DNS. But we have detailed all the steps we have taken to increase speed, security, and standards compliance.”

I wasn’t complaining about the Google DNS servers themselves. They’re quite good. This web page tells you why.

But by God I wanted open source. I knew there was plenty of open source software out there you could use to set up your own DNS server, but I didn’t want that. I wanted a big, robust, reliable DNS service. Like, say, OpenDNS. A few minutes after I decided to try their servers, I had them entered in my router. Worked fine, too. Not noticeably faster or slower than Google DNS, and even a test with DNS Benchmark was inconclusive.

OpenDNS offered, in addition to the DNS servers themselves, free services like identity theft protection and customizable controls to keep your kiddies away from porn. And then, finally, I started looking for OpenDNS’s software licenses. They sponsor some open source projects on GitHub, but the service itself runs on software that’s about as open as Windows. Grrr.

So I went hunting again. Most public DNS servers don’t talk about their software or how it’s licensed. I wonder how many users or potential users ever ask? My guess would be somewhere between “not many” and “none.”

Since I had a little time on my hands, I continued my search for the perfect DNS server I could use on my little home office connection. Finally, the heavens opened and a deep voice said, “OpenNic!” And there, on their front page, in big letters, it said, “Are you looking for an alternative DNS provider that is open and democratic, are you concerned about censorship?” Yes and yes!

Note that providing volunteer-run public DNS servers is only a little of what OpenNic does. It’s really an alternative domain supplier. For some reason, not everyone loves ICANN, AKA “Internet Corporation For Assigned Names and Numbers.” And what if you want a .pirate domain? You can’t get it through an ICANN registrar, but you can get it — along with a bunch of other cool TLDs — through OpenNic.

As a domain server, I’d rate OpenNic as right up there with OpenDNS and Google for speed, and I have had no reliability problems with it. Open source? You bet! Even better, it’s a democratic organization. Jump on the IRC channel. Donate money. Volunteer. Maybe even run an OpenNic server.

Is this some sort of online cult? Possibly. If so, I’m happy to join, even if all I do besides using the DNS servers is donate a little money and lurk in the IRC channel now and then.

Now you know about OpenNic. Check the FAQs, poke at it a bit, and then sign up. Changing DNS settings in your computer or router isn’t hard. There are instructions all over the Internet that will tell you how to do it in Linux, Windows, Mac, Unix, and on many/most/all routers.

As they like to say in the land of trite sayings, “Come on in, the water’s fine.” The trite people also like to say, “You’ll be glad you did.” But this is a case where that is actually true, so (this is the last trite saying in this article) “JUST DO IT!”

19 Comments

  1. Nomen luni January 26, 2017

    Thanks Roblimo. I didn’t know I cared about this until I read your article. All the best.

  2. UncleEd January 26, 2017

    +1 on the thanks and on the not knowing I cared. Appreciate it.

  3. juan January 26, 2017

    I started playing with the DNS servers after I got tired of the ISP here. They had all sort of issues with theirs. You would be connected, but no browsing since their servers would go down for hours every other day.

    So I switched to OpenDNS long time ago and backup is Google, but since CISCO bought OpenDNS….

  4. Reid January 26, 2017

    Have used OpenDNS for several years, and have liked them a lot. No problems, and they are near the top in speed. They also claim to be more secure, and I think that’s possible. They are indeed a great find!

  5. Mike January 26, 2017

    OpenNIC looks like a great replacement for OpenDNS.

  6. Robin Miller January 26, 2017

    In my personal experience so far, OpenNic is as fast and reliable as OpenDNS and Google. And 100% open source, and it’s a democratic co-op, which I prefer to supporting, say, Cisco.

    I don’t care about add-on security or firewalls. I have my own, thank you. So OpenNic it is for me, and now that you know about it, maybe for you, too.

  7. tracyanne January 26, 2017

    Yeah I’ve been using them for the last couple of years.

  8. Sachin Garg January 27, 2017

    If one is so passionate about “Open Source DNS” why not set up your own resolver using BIND9? I guess that is as open as it gets. And use the ISP ones, OpenDNS or the G ones when your own resolver is down.

  9. Mike January 27, 2017

    @Sachin Garg

    Alternate DNS servers like OpenNIC and DNS.WATCH are also useful for combatting govt and corporate censorship. ISP, OpenDNS, and Google not so much.

  10. tracyanne January 27, 2017

    @Sachin Garg

    I’ve thought about it, but at the moment it’s extra effort and money (another computer), I used to do it back in my Mandrake days, but then I was in a permanent residence

  11. PJ January 27, 2017

    Thanks for the heads-up. I am currently running pi-hole on a raspberry pi (which is using OpenDNS) and wouldn’t mind taking a closer look at this. But… besides the virtues of open source and defending one’s privacy the idea of a managed open source block list that defeats advertising surveillance is appealing. I’ve had enough, as I think most of us have, of being followed from one device to another by adverts.

  12. tracyanne January 27, 2017

    >>>>>And what if you want a .pirate domain? You can’t get it through an ICANN registrar, but you can get it — along with a bunch of other cool TLDs — through OpenNic.

    One thing I do is block all the new TLDs, if they aren’t .com, .net, .org, .gov… the ones that have been around since before ICANN decided to make some extra money selling fancy TLDs they get blocked on my email server. I won’t accept email from them, that is where 90% + of my spam originates.

  13. Mike January 28, 2017

    @tracyanne

    Those OpenNIC TLDs (.pirate, .geek, .null, etc.) are not available AT ALL through ICANN.

    Different animal.

  14. Randal January 28, 2017

    I seem to remember LPS (now renamed I see) required or recommended OpenDNS for security reasons. (I think it was dependent on if you worked for the government or not)

  15. tracyanne January 28, 2017

    @Mike
    January 28, 2017 at 1:45 am

    @tracyanne

    Those OpenNIC TLDs (.pirate, .geek, .null, etc.) are not available AT ALL through ICANN.

    Different animal.

    Um… Mike, yeah I know. I still black list them for the same reason I blacklist the .computer .sex .coffee etc ones from ICANN. Those fancy TLDs are the source of 90% of the spam I receive.

    If the email doesn’t originate from a domain with an aforementioned .com .net .org .gov…the old faithful TLDs I don’t get it.

  16. youcantoo January 29, 2017

    @tracyanne – funny most of the spam emails I seem to get is from .come, .net and .org

  17. youcantoo January 29, 2017

    that should have been from .com

  18. tracyanne January 29, 2017

    @youcantoo
    January 29, 2017 at 4:28 pm

    I get plenty from them as well, my company’s email addresses seem to have been sold far and wide. Well I used to until I updated my spam filters, now I get only 1 or 2 a week, and those are easily filtered out as well.
