Troubleshoot your DNS

By Glenn Fleishman, Macworld
February 03, 2010 03:42 PM ET

You use the domain name system (DNS) every time you try to connect your computer to an Internet resource--a Web page, say, or an FTP directory. DNS matches human-readable names like www.macworld.com (which generally stay the same over time) to machine-readable numeric addresses (which would be hard to remember and can change constantly).

The trouble is that DNS lookups (or resolution) can take time--sometimes, a lot of time. Until they're done, the Web page or FTP directory you want can't even begin to load. That delay, known as latency, can make your Net connection feel slow.

(When you're talking about network performance, you have to distinguish latency from throughput. You can think of it in terms of plumbing: Latency is the amount of time it takes for water to go from its source to your tap; throughput is the gallons per minute that spew forth once the water begins to flow.)

Domain lookup services are provided by every Internet service provider (ISP); otherwise, their customers would have to use those numeric IP addresses, which would be untenable.

But ISPs have never had much reason to invest heavily in their DNS infrastructure, which means DNS performance can be poor. Even the less technical among us know there's something wrong when we enter a Web address and then sit staring at the "Looking for" message on our browser's status line. ("Looking for" typically means the browser hasn't found the IP address yet; "waiting for" means the IP address has been found and a request sent, but a reply has not been received.)

Such delays are especially galling if you have a speedy Net connection--more than 10 Mbps, say. A Web page might load in fractions of a second, but first you have to wait 10 seconds for the DNS to resolve.

Slow lookups aren't the only problem with DNS. Some ISPs have discovered that there's money to be made from users who mistype Web addresses when no legitimate domain is registered for the typo. Instead of returning a simple error message, those ISPs redirect you to a page full of ads.

There are also DNS security risks. In mid-2008, for example, a flaw was discovered that affected nearly all existing DNS server software; that flaw could have enabled bad actors to hijack individual users' DNS lookups and to redirect those users' browsers to fake and malicious Websites. Providers of DNS software issued patches to bandage over that flaw. But some public DNS providers have gone further, taking additional steps to shield users from that and other serious security threats.

Lookup slowdowns

If you're unhappy with your DNS, whether because of performance, ads, or security, there are things you can do to improve it.

The first step is to test it. A great free tool--Namebench--can help. The software runs a series of lookup tests, using multiple DNS services (including the one you're using now), then produces a report to show you which ones delivered the best results.
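Two of the complaints above, slow lookups and typos redirected to ad pages, can also be checked by hand against a single resolver. The script below is an added example, not Namebench's code and not part of the original article; the function names are illustrative, the resolver address 192.0.2.53 is a placeholder, and the random `.com` name is assumed to be unregistered.

```python
import secrets
import socket
import struct
import time

def build_query(name, txid):
    """Encode a recursive A-record query for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, txid):
    """Map a raw DNS response to 'nxdomain', 'answered' or 'other'."""
    if len(response) < 12:
        return "other"
    rid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction ID or not a response
        return "other"
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"
    return "answered" if rcode == 0 and ancount > 0 else "other"

def probe(resolver_ip, name, timeout=3.0):
    """Send one UDP query; return (verdict, seconds). Raises socket.timeout."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((resolver_ip, 53))  # kernel drops datagrams from other sources
        start = time.monotonic()
        s.send(build_query(name, txid))
        data = s.recv(4096)
        return classify(data, txid), time.monotonic() - start

def rewrites_nxdomain(resolver_ip):
    """True if the resolver answers for a random name assumed to be unregistered."""
    bogus = "www." + secrets.token_hex(12) + ".com"
    return probe(resolver_ip, bogus)[0] == "answered"

if __name__ == "__main__":
    resolver = "192.0.2.53"  # placeholder (TEST-NET-1): substitute your resolver's IP
    verdict, seconds = probe(resolver, "www.macworld.com")
    print(f"{resolver}: {verdict} in {seconds * 1000:.0f} ms")
    print("rewrites NXDOMAIN:", rewrites_nxdomain(resolver))
```

A resolver for which `rewrites_nxdomain` returns True is handing back an address where the protocol calls for a "no such domain" error, which is the redirect-to-ads behaviour described earlier.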

The second thing to do is switch to a new DNS provider. As Namebench will show you, there are several such alternatives. Let me focus on three of them:

Originally published on www.macworld.com.