Troubleshoot your DNS

You use the domain name system (DNS) every time you try to connect your computer to an Internet resource—a Web page, say, or an FTP directory. DNS matches human-readable names like www.macworld.com (which generally stay the same over time) to machine-readable numeric addresses (which would be hard to remember and can change constantly).

The trouble is that DNS lookups (or resolution) can take time—sometimes, a lot of time. Until they’re done, the Web page or FTP directory you want can’t even begin to load. That delay, known as latency, can make your Net connection feel slow.

(When you’re talking about network performance, you have to distinguish latency from throughput. You can think of it in terms of plumbing: Latency is the amount of time it takes for water to go from its source to your tap; throughput is the gallons per minute that spew forth once the water begins to flow.)

Domain lookup services are provided by every Internet service provider (ISP); otherwise, their customers would have to use those numeric IP addresses, which would be untenable.

But ISPs have never had much reason to invest heavily in their DNS infrastructure, which means DNS performance can be poor. Even the less technical among us know there’s something wrong when we enter a Web address and then sit staring at the “Looking for” message on our browser’s status line. (“Looking for” typically means the browser hasn’t found the IP address yet; “waiting for” means the IP address has been found and a request sent, but a reply has not been received.)

Such delays are especially galling if you have a speedy Net connection—more than 10 Mbps, say. A Web page might load in fractions of a second, but first you have to 10 seconds for the DNS to resolve.

Slow lookups aren’t the only problem with DNS. Some ISPs have discovered that there’s money to be made from users who mistype Web addresses (and no legitimate domain is registered for the typo). Instead of returning a simple error message, those ISPs instead redirect you to a page full of ads.

There are also DNS security risks. In mid-2008, for example, a flaw was discovered that affected nearly all existing DNS server software; that flaw could have enabled bad actors to hijack individual users’ DNS lookups and to redirect those users’ browsers to fake and malicious Websites. Providers of DNS software issued patches to bandage over that flaw. But some public DNS providers have gone further, taking additional steps to shield users from that and other serious security threats.

Lookup slow downs

If you’re unhappy with your DNS, whether because of performance, ads, or security, there are things you can do to improve it.

The first step is to test it. A great free tool— Namebench—can help. The software runs a series of lookup tests, using multiple DNS services (including the one you’re using now), then produces a report to show you which ones delivered the best results.

The second thing to do is switch to a new DNS provider. As Namebench will show you, there are several such alternatives. Let me focus on three of them:

OpenDNS, the first firm to specialize in providing just DNS; easyDNS’s DNSResolvers.com, DNS service from a veteran domain-hosting service; and Google’s recent entry, Google Public DNS. OpenDNS is the most widely used; easyDNS is highly regarded; and Google is, well, Google.

Although OpenDNS offers its lookup services for free, it is a business. It makes its money by charging for more advanced features, such as malware blocking, removing ads, and providing logging data.

It also makes money through a form of redirection: It will try to correct typos: If you enter the wrong address—.cmo instead of .com—OpenDNS will correct it for you. But if you mistype an address that OpenDNS can’t correct (or click on a link to a dead Web site or enter a keyword like camcorders in your browser’s Location field), the service will redirect you to a page showing you Google search results, alongside Google ads, for whatever you typed.

OpenDNS is completely open and aboveboard about all of this. And you can control some of this behavior; if you have a fixed IP address, OpenDNS allows you specify service settings—including disabling typo correction and search results for invalid entries—for computers at it.

Both DNSResolvers.com and Google Public DNS eschew ads and add-ons. Both offer plain old DNS; there’s no funny business, however well disclosed, when a non-existent domain name is typed. easyDNS uses DNSResolvers.com as a calling card for its paid domain hosting services. Google’s stated goal in offering free DNS is “to benefit users worldwide while also helping the tens of thousands of DNS resolvers improve their services;” some skeptics theorize that it may have more to do with avoiding advertising payouts to OpenDNS.

All three services offer a variety of security enhancements, aimed at preventing malicious parties from subverting DNS and causing your e-mail, Web, or other Net transactions to go astray.

Adjust your settings

To use either of these services (or any other DNS provider you prefer), you need to reconfigure IP addresses DNS settings on your router, your computer, or both. The IP addresses for each:

• OpenDNS: 208.67.222.222 and 208.67.220.220;
• DNSResolvers.com: 205.210.42.205 and 64.68.200.200; and
• Google: 8.8.8.8 and 8.8.4.4

Apple base stations With any Apple base station released in 2003 or later, the steps are the same: Launch AirPort Utility (Applications -> Utilities). (If you’re using Tiger or Windows, you can download versions for both from Apple’s support site.)

Select your base station in the left pane, click on the Manual Setup button in the lower part of the screen, then click on the Internet icon. In the Internet Connection tab, enter the addresses for your new DNS servers in the DNS Server(s) fields. (The order of addresses doesn’t really matter.) When you’re done, click on Update to restart the router.

(Note: Apple has released AirPort Utility 5.5, in which the layout of the Internet Connection tab is slightly different; it is available to anyone who purchased an AirPort Extreme or Time Capsule since October 2009, but it’s not available as a general download yet.)

Other base stations Specifics will obviously vary, but almost every router has Web-based configuration tools which will allow you to modify its DNS settings. Typically you edit the relevant fields in your browser, then restart the router.

OS X If your router uses DHCP to assign addresses automatically to networked computers, your Mac should start using the new DNS servers as soon as you edit the router’s settings. But if you don’t use DHCP, or if you want to specify other DNS settings on specific Macs, you can edit the DNS settings in OS X.

To do so, launch the Network System Preferences panel. Choose your network adapter—such as AirPort or Ethernet—then click the Advanced button and open the DNS tab. If your DNS settings have been assigned by DHCP, click the Plus (+) button to add your new DNS provider’s addresses. If you manually entered DNS addresses before, double-click them and replace them with the new ones. Or select each one, click on the Minus (-) button to remove it, then enter the new addresses as above. When you’re done, click on OK, then on Apply.

If you set the DNS on your computer, note that this will likely cause problems at Wi-Fi hot spots that use a Web page redirect to require you to pay or log in or accept terms of service. If you find yourself unable to get a Web page to appear at a cafe, airport, or hotel hot spot, create a new Network profile, and delete the DNS servers in that profile. The network address server at the hot spot will automatically provide the necessary DNS, and let you see the redirection page.

Changing DNS is a small change. But it could remove a big frustration from your daily Internet use.