August 17, 2006 3:12 PM PDT

DNS could slow broadband service

A broadband provider's claim of superfast speeds may only be as good as its weakest link, which could be its domain name server software.

A report issued Thursday by Nominum, a company that sells domain name system (DNS) server software, indicated that some broadband service providers need to bulk up their DNS servers to ensure that broadband users actually get all the benefits of their high-speed connections.

"We hear stories about carriers spending billions of dollars to build new fiber-to-the-home networks or 3G (third-generation) wireless networks," said Paul Mockapetris, inventor of the DNS architecture and chairman and chief scientist at Nominum. "But broadband providers should also spend some money adding more DNS capability. Pure bandwidth doesn't solve the problem if the DNS servers can't respond quickly."

DNS functions as the "phonebook" of the Internet, mapping text-based domain names such as to the numerical Internet Protocol addresses used by computers. Internet users typically use the DNS service run by their service provider.

When DNS servers are running slow or when they drop queries, people experience Web pages loading slower, delays in sending and receiving e-mails, and poor response times when they're trying to play interactive video games.

More than 48 million American households have broadband access today, according to the Leichtman Research Group. To entice consumers to use their service, phone companies and cable operators have focused a lot of attention and marketing dollars on convincing potential customers that their service is the fastest. Verizon Communications is spending $20 billion over the next few years to build a fiber-to-the-home network called Fios, which it claims provides the fastest Internet access network in the United States.

In the survey commissioned by Nominum and conducted by VeriTest in April, Verizon's Fios network and its DSL (digital subscriber line) service actually had the worst response times of any broadband provider measured. According to VeriTest data, the Verizon Fios service had an average DNS response time of about 180 milliseconds. By contrast Comcast, which is a Nominum customer, had the fastest response time of roughly 40 milliseconds.

Bobbi Henson, a Verizon spokeswoman, said the company has been upgrading and tweaking its DNS servers over the past several months. She also said the company has conducted its own tests with VeriTest, which show very different results.

"We would dispute that we have the slowest DNS look-ups in the industry," she said. "We conduct our own studies monthly. We are always looking at the overall performance of our DNS servers and tweaking them to improve performance."

At the end of the day, all the broadband providers in the report had response times in either tens or hundreds of milliseconds, hardly enough time for the average user to even notice, said Joe Laszlo, an analyst at Jupiter Research. He acknowledged that upgrading networks to increase raw bandwidth takes the bottleneck out of one part of the network, and inevitably exposes flaws in other parts of the network. But he said he doesn't believe DNS is the biggest culprit in noticeably slowing Internet service.

"So much of the perceived performance of a service depends on how fast your browser in your computer can process Web pages or how quickly your graphics card can render images," he said. "Slow DNS response times could impact the speed of the service, but I don't think it's the No. 1, No. 2 or even No. 3 issue that creates noticeable delays for users."

It's true
I'm an ATT DSL Pro user at 3.0 MBps.

I switched to and everything seems a bit quicker.

Changing the DNS settings can be done at the router for the
whole LAN or at each computer to override the router's settings.
Very easy to do and OpenDNS is free.

Plus they block phishing sites and correct some misspelled
domain names- very neat.
Posted by Sparky672 (244 comments )
I'm on Comcast, about 50 miles from Dallas. When I do a bandwidth test to Dallas on, I get 18ms ping and 6200Kbps...
Posted by kloroformd (1 comment )
Has NOTHING to do with DNS.
Your speed test has *absolutely NOTHING* to do with DNS. It has to do with round-trip times and (possibly) general bandwidth.
Posted by katamari (310 comments )
This article is cr@p...
Yes, your DNS servers are important for your first hit to a website, but once it is found the IP is stored and it does not need to take a long time finding it the next time (like 180 MILLISECONDS is such a long time)...

BUT Comcast's DNS servers are AWFUL. I have both Comcast and BellSouth DSL. BellSouth DSL DNS servers are faster. For my Comcast connection I actually override their DNS servers and use other ones (which is a valid option for anyone with a router, so the DNS servers are not a big deal...).

And of course, this article they are referring to at the beginning was published by a company that sells DNS services (no biased opinions from them I'm sure).

Personally I can't wait until Verizon FIOS is available in Atlanta (I've been following it for about 2 years now waiting). It is by far the fastest available and I will get it as soon as I can - and if the DNS servers are slow I will just point my router to other freely available DNS servers - no big deal.
Posted by SCKarl (14 comments )
I recommend you read up a bit on how DNS works, particularly in regards to DNS SOA records.

Many zones these days have VERY short TTLs (5 minutes in some cases!), which means you're going to do a recursive lookup -- as are any DNS servers along the path -- when that TTL is expired.

As for records that are already cached -- oh yes, very quick. :-)
Posted by katamari (310 comments )
Thanks for the info
I'm a new Verizon Tech, and I work with the FiOS system (originally I was with FTTP, the construction side) and I know in advertised bandwidth we blow Comcast out of the water (we currently offer 5Mbs down/2 up, 15Mbs down/2 up, and 30Mbs down/2 up but are making plans to upgrade to 10down/2up, 20down/2up, 30down/2up. I might be a little off on some numbers...). One thing that most people don't realize: the physical limitations of the two media (coax/fiber) are extremely different.

Coax - metallic (susceptible to heat, rust, EMI, weight)
Fiber - glass (immune to rust, EMI/more tolerant to heat/much lighter)
Coax - to increase bandwidth, higher frequencies are needed, and higher frequencies in a metallic media equate to heat, heat equates to resistance, resistance equates to loss
Fiber - as far as I know, it is currently limited by electronics at both ends, otherwise the full potential has yet to be tapped

Like I said, I'm a fledgling tech and a physics hobbyist, do not quote me on this info, research it yerself
I am not an expert, just a repository of information, thanks.
Posted by gokoon (6 comments )
Switch to OpenDNS!
ISPs don't care about DNS. switch to someone that does.
Posted by OpenDNS_Fanboy (1 comment )
Thanks, I wasn't aware of this system so I tried it and it really does speed things up.
Posted by G.Nuisance (10 comments )
Concerns with this service...
I recommend people read OpenDNS's "What We Do" section *thoroughly* before making their decision.

Also of related importance, NANOG recently had a discussion about the "features" of OpenDNS (such as re-writing of typo'd URLs and what they consider "legitimate" sites vs. phishing):

For the general news article from Mark Jeftovic, see here:

It, and the NANOG thread, are worth reading.
Posted by katamari (310 comments )
I switched
Back when it was first mentioned here on, I went to their homepage, read their faq, their terms of service, looked for the "catch" and couldn't find out, so I use it. My reasons? I use a dsl modem and a router. Using this combination, my dsl modem used to complain about a dns recursive error which their technical support could not fix. I loaded the opendns addresses to the router and the problem is now gone.

What I really like about the service is that it's free and I still have a choice. I don't have to use them if I don't want to but since it works well for me, I think I'll keep using them, at least until they start to suffer performance problems from too many people using them at once.
Posted by thedreaming (573 comments )
phone calls and emails unanswered after 5 full minutes of complaining.

OH, this is awful.

I spend thousands of dollars advertising my website and it's BLOCKED by OpenDNS:


Non-authoritative answer:

How do I stop this?
Posted by disco-legend-zeke (448 comments )
DNS Servers
Perhaps these ISPs are still using 486 computers which are not able to handle the load of today.

OR the servers are connected to the internet using 9600 baud modem connection.
Posted by idsantos (92 comments )
What "superfast speeds"?
I wasn't aware that any major U.S. was offering "superfast" speeds.
The best I've seen promises about 8 MB and delivers something
less than that.

Based on what's available in other countries, I'd describe
"superfast" as 100 MB+. None of the overpriced offerings
available in my part of the U.S. deserves that title.
Posted by rcrusoe (1305 comments )
Slow in America
In other countries internet access is faster, but in America we have to pay through the nose for that kind of speed, and most of the world wide web is located in America and most of the control of the internet is here, so why do Americans have such a lousy connection to it?
Posted by thedreaming (573 comments )
Where DNS makes the difference
When you type in a webpage, the DNS server must resolve it to an IP address and provide that to your computer before your computer can retrieve the webpage. Your computer also keeps a cache of DNS entries that gets wiped when you turn it off. Where DNS makes the difference is going to a website for the first time since your computer was started. You can receive more delay if your PC is also loading the page fresh (not caching the pictures, icons, etc). All in all, a slow DNS server doesn't cause that much delay... but as this is tech news, cnet should report it. What they should have also included is a side by side comparison of retrieving webpages to show the overall effect of a slow DNS server.
Posted by Seaspray0 (9714 comments )
You only do DNS one time.
Although _missing_ DNS packets can cause a 30 second timeout, the difference between 80 Ms and 120 Ms (as stated in the article) is meaningless.

A DNS lookup is only performed once, and then the results are stored locally inside your computer. To see this, type "ipconfig /displaydns" (without the quotes) at a Windows command prompt.

This in no way is to say there is anything wrong with the NOMINUM product, just that the claims of improved broadband service are mere puffery.
Posted by disco-legend-zeke (448 comments )
That's not true.
That's the theory, but that's not how computers behave. How big do you think your Windows DNS cache is?
Posted by David_Ulevitch (8 comments )
Totally misleading...
"When DNS servers are running slow or when they drop queries, people experience Web pages loading slower, delays in sending and receiving e-mails, and poor response times when they're trying to play interactive video games"

No. Web pages will start loading slower. They will only load slower if the pictures are on different domains, which isn't common.

Delays "receiving" e-mails. Not at all. Only sending.

Poor response times in video games? Only if the game programmer was an idiot. The time to connect to the server may be affected, but once connected, DNS is COMPLETELY irrelevant.
Posted by jamesivie (8 comments )
Only Common Sense
When you upgrade your network to 100Mbps, 10Mbps servers won't carry the newly added 100Mbps Client load.

When you upgrade your network to 1Gbps, 100Mbps servers won't carry the newly added 1Gbps Client load.

When you upgrade your network to 10Gbps, 1Gbps servers won't carry the newly added 10Gbps Client load.

When you upgrade your network to 100Gbps, 10Gbps servers won't carry the newly added 100Gbps Client load.

When you upgrade your network to 1Tbps, 100Gbps servers won't carry the newly added 1Tbps Client load.

When you upgrade your network to 10Tbps, 1Tbps servers won't carry the newly added 10Tbps Client load.

When you upgrade your network to 100Tbps, 10Tbps servers won't carry the newly added 100Tbps Client load.

When you upgrade your network to 1Pbps, the 100Tbps servers won't carry the newly added 1Pbps Client load.

When you upgrade your network to 10Pbps, the 1Pbps servers won't carry the newly added 10Pbps Client load.

Etc., et al., ad infinitum.

It's common sense. Has always been since 10Mbps Ethernet moved to 100Mbps... and continues to be so.

That said... why report common sense.

Rather than write the article this way... slant it against the ISPs who don't follow common sense!

Posted by wbenton (522 comments )
Hooray! You win the prize. You are now a member of the obvious club!
For years I have tried to explain this concept.
It's like owning a car that can do 200 mph.
You can only go as fast as road conditions or traffic permit.
Improve the roads to fiber optics and unleash the beast within and enjoy the wind in your hair!
Posted by kenscale (1 comment )
What are you talking about?
The only sites we stop from resolving are phishing sites, and if they are hosted on compromised machines we unblock them when they are cleaned up.

Perhaps you'd like to contact us about helping you to fix your compromised server? If you're running a phishing site and you spent thousands of dollars on it I don't have much to say to you. :-(

Posted by David_Ulevitch (8 comments )
Somewhat misleading...
Although DNS is one of the crucial parts of the network, care has to be taken on the actual traffic patterns and caching of actual DNS entries.

Once a site has been found, its entries are cached locally and at that point, your PC is usually the bottleneck along with network latency.

The slowness should only occur when you go to a site for the first time. And let's face it, we are creatures of habit and we tend to go to the same sites daily. So for a single user, the response time occurs when you type the URL for the first time. After which, no real delays. Please remember that at 180ms, it's a blink of an eye, it's faster than a sip of coffee, and faster than most people realize. As long as we don't start counting blinking and sipping coffee, we're ok...
Posted by max_thedog (1 comment )
So if lookup times are an issue...
Is there any way to hard cache yer visits to disk so that browsers look there first as opposed to going straight to the "bottle-neck" of DNS's, and also if the DNS does go down, at least you can get to commonly visited websites from your personal DNS?

Or do I totally misunderstand DNS theory?
Posted by gokoon (6 comments )
Our DNS won't slow you, but it will protect you
Safe From Sites offers DNS that blocks access to Bad sites.

Posted by SafeFromSites (3 comments )
Fios is better with OPENDNS or any free DNS.....
Posted by ronel_rl (1 comment )
