I have always been a huge fan of external DNS resolvers such as OpenDNS and Google Public DNS resolvers. I truly believe that they do improve the online customer experience since most ISPs do either a poor job at managing their DNS or they do DNS rewrites. Cloudflare recently launched their own DNS service, 220.127.116.11, which it claims to be “performance friendly”, so we decided to put this claim to test. But before I dive into the verdict, let us understand what DNS resolvers are and why public DNS resolvers matter.
DNS resolvers form the backbone of the internet – the 411 of the internet, allowing humans to type friendly domains in their browsers and land in the right location. If DNS resolution fails it feels we are back in the stone age. Performance bottlenecks at the DNS level can have a direct impact on the application(s) performance and ultimately will impact the end user experience.
In a traditional networking environment, the user’s ISP provides the DNS resolver which, in most cases, is not optimized for speed or performance. ISPs are not particularly concerned about the performance of DNS resolvers they provide, and this has pushed the case for public DNS resolvers. As with any other service, public DNS resolvers have their own set of pros and cons. Users switching to a public DNS resolver usually cite the following reasons:
- Performance issues – outages and latency.
- Reliability and security – These are additional features that are offered by default with such services. The public DNS resolvers are touted to be more reliable with DNS filtering that make it more secure.
- Geolocation – ISPs may not have a network architecture that is configured to select the optimum DNS resolver based on the user’s location.
Cloudflare’s new release is a welcome addition to the existing set of easy-to-remember public resolvers. But what makes this even more interesting is the claim that it is the fastest (approximately 14ms!). Being in the digital experience monitoring industry, I just had to put together the exact facts and figures and see for myself if this was true.
We set up tests using Catchpoint’s DNS direct solution and pointed our nodes (Backbone, Broadband, Last Mile and Wireless) to 18.104.22.168 and requested for www.google.com. Once the tests were run, we used a geometric mean to aggregate and analyze the data.
- “22.214.171.124” refers to Cloudflare’s solution
- “126.96.36.199” refers to Google’s solution
- “188.8.131.52” refers to OpenDNS’s solution
Let’s start the analysis with the data from the backbone nodes. Globally, the performance has been on par with what was announced by Cloudflare!
We break the data down by percentiles and the numbers are consistent: Cloudflare’s averages are skewed by the fact that their services are not available in some countries (more later).
Grouping the data by country:
Further breakdown by uptime and country:
A few countries stand out from the data breakdown – Peru, Palestine, Morocco and Egypt are not able to access 184.108.40.206. For example, when we try to reach “https://220.127.116.11” from Morocco, it displays the following message:
Let’s break this down even further by ISP/Country:
Has latency been addressed?
Proximity to the end user is important when trying to cut down latency in the DNS resolution process and the Catchpoint traceroute tests prove that Cloudflare has taken this into account.
Tracing route to 18.104.22.168 [22.214.171.124] over a maximum of 30 hops:
1 1 ms 1 ms 2 ms 126.96.36.199
2 1 ms <1 ms <1 ms 188.8.131.52
3 4 ms 4 ms 4 ms 184.108.40.206
Performance from Last Mile
Breakdown by percentiles:
Breakdown by city:
Uptime by city:
Performance over Wireless
Public DNS services can be a boon over wireless networks which can cause latency and degrade DNS performance. Let’s look at the data from our wireless nodes.
Breakdown by uptime and city
Breakdown by carrier performance
Breakdown by ISP uptime
Cloudflare is fast! And our data proves it.
However, because 220.127.116.11 and 18.104.22.168 were reserved for research purposes, we strongly recommend you check your equipment’s manufacturers and with your ISPs or your corporate networking team before enabling the service.
If you do enable 22.214.171.124, be sure to monitor closely. If you’re not already a Catchpoint customer, you can trial our DNS monitoring solution.
Learn more about Catchpoint with a guided test drive.