[4:55pm:~] DIVISION:tqbf [0:1]% nsping -z amazon.com 208.67.222.222
NSPING 208.67.222.222 (208.67.222.222): Domain = "amazon.com", Type = "IN A"
+ [ 0 ] 55 bytes from 208.67.222.222: 29.254 ms [ 0.000 san-avg ]
...
+ [ 35 ] 55 bytes from 208.67.222.222: 28.894 ms [ 43.104 san-avg ]
^C
Total Sent: [ 36 ] Total Received: [ 35 ] Missed: [ 1 ] Lagged [ 0 ]
Ave/Max/Min: 43.104 / 232.379 / 24.222
Google:
[4:56pm:~] DIVISION:tqbf [0:1]% nsping -z amazon.com 8.8.8.8
NSPING 8.8.8.8 (8.8.8.8): Domain = "amazon.com", Type = "IN A"
- [ 0 ] 100 bytes from 8.8.8.8: 71.366 ms [ 0.000 san-avg ]
...
- [ 27 ] 99 bytes from 8.8.8.8: 61.967 ms [ 86.705 san-avg ]
^C
Total Sent: [ 29 ] Total Received: [ 27 ] Missed: [ 2 ] Lagged [ 0 ]
Ave/Max/Min: 86.705 / 223.928 / 48.951
AT&T, via my home router:
[4:57pm:~] DIVISION:tqbf [0:2]% nsping -h www.amazon.com 192.168.1.254
NSPING 192.168.1.254 (192.168.1.254): Hostname = "www.amazon.com", Type = "IN A"
+ [ 0 ] 48 bytes from 192.168.1.254: 48.595 ms [ 0.000 san-avg ]
...
+ [ 20 ] 48 bytes from 192.168.1.254: 34.261 ms [ 36.207 san-avg ]
^C
Total Sent: [ 21 ] Total Received: [ 20 ] Missed: [ 1 ] Lagged [ 0 ]
Ave/Max/Min: 36.207 / 59.454 / 30.943
But, note the + in front of the OpenDNS result, which means we didn't get NXDOMAINs for random names, which is, all due respect, some bullsh*t right there. The results just for "www.amazon.com", which read straight from the cache and don't measure the performance of the recursive fetch:
This is very broken default behavior. It has real security problems (it violates an assumption of the same-origin policy that scopes your browser cookies), it disrupts email, it breaks any application that needs NXDOMAIN (whether you know it does or not), and it's part of an arms race to fuck up^H^H^H^H^H^H "monetize" the infrastructure.
Google doesn't redirect NXDOMAINs. That's worth several milliseconds of response time for me.
> But, note the + in front of the OpenDNS result, which means we didn't get NXDOMAINs for random names, which is, all due respect, some bullsh*t right there.
Would you care to explain that remark to people like me who don't know the ins and outs of DNS? What's an NXDOMAIN? And why is it bullshit?
NXDOMAIN = non-existent domain. In this case instead of the DNS server telling your resolver a given address doesn't resolve, it's telling it that they all resolve to OpenDNS's search service. There's a summary of some of the issues here: http://www.semicomplete.com/blog/geekery/comcast-dns-hijack-...
There's nothing at all wrong with your test, it's just different from mine (to be perfectly honest, I didn't even read yours closely at first; I just wanted to bust out nsping).
By querying 1000 popular sites, you're really just testing the network and software performance of the three servers. Every one of those names is guaranteed to be in their cache. By randomizing the labels, you can factor the cache out of the benchmark. Does this matter much? Meh.
I agree with your performance conclusion (your ISP is fastest) with two caveats:
* AT&T's DNS sucks ass; it's fast right now, because it sucks and wants to screw up my benchmark, but 10 minutes from now it's going to go back to being nonresponsive. I'll happily surrender 50ms for consistent performance.
* The major win for third-party DNS (and the same win for running your own local cache) isn't performance; it's that it always Just Works.
No matter what Google says about 100ms responsiveness differences decreasing user engagement by 20%, I don't believe that 10-15ms is noticeable.
With random labels under amazon.com:
OpenDNS:
Google:
AT&T, via my home router:
But, note the + in front of the OpenDNS result, which means we didn't get NXDOMAINs for random names, which is, all due respect, some bullsh*t right there.
The results just for "www.amazon.com", which read straight from the cache and don't measure the performance of the recursive fetch:
OpenDNS:
Google:
AT&T:
In case you're interested, compared to running dnscache on my local host, which is what I do normally:
Third parties are faster, for obvious reasons (they have much better network connections, and using them minimizes roundtrips over my crappy network).
You can run these tests for yourself trivially. Just install nsping. I'm fond of it, despite how horribly coded it is.
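Added example, not part of the thread and not nsping's code: a sketch of the random-label check discussed above, which sends a name that should not exist and marks the reply `-` for NXDOMAIN or `+` when the resolver answered anyway. The function names are hypothetical, the `+`/`-` marks follow the way the comment reads nsping's output, and the sample replies are constructed so the classifier runs offline.

```python
import secrets
import socket
import struct

NOERROR, NXDOMAIN = 0, 3

def random_name(zone):
    """A label that almost certainly does not exist under `zone`."""
    return f"{secrets.token_hex(8)}.{zone}"

def build_query(name, txid):
    """Minimal DNS query: one question, type A, class IN, recursion desired."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify(response, txid):
    """'-' = NXDOMAIN, '+' = the name was answered, '?' = anything else."""
    if len(response) < 12:
        return "?"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction, or not a response
        return "?"
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "-"
    return "+" if rcode == NOERROR and ancount > 0 else "?"

def constructed_response(query, rcode, answer_ip=None):
    """Constructed sample reply to `query`, for running offline."""
    txid = struct.unpack("!H", query[:2])[0]
    answer = b""
    if answer_ip:  # pointer to the question name, type A, class IN, TTL 60
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(answer_ip)
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, 1 if answer_ip else 0, 0, 0)
    return header + query[12:] + answer

def probe(resolver, zone, count=5, timeout=2.0):
    """Live check (needs network): one mark per random name sent to `resolver`."""
    marks = []
    for _ in range(count):
        txid = secrets.randbits(16)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(random_name(zone), txid), (resolver, 53))
            try:
                marks.append(classify(s.recv(512), txid))
            except socket.timeout:
                marks.append("?")
    return marks
```

A zone with a wildcard record also yields `+` for random names, so compare the marks from two resolvers for the same zone before concluding that one of them rewrites NXDOMAIN.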