Switching to a public DNS resolver can improve DNS resolution times and overall server reliability, especially when the default resolvers fail. The script provided in this guide tests DNS resolver performance so you can determine which option works best for your server's setup.
Prerequisites
- Root or sudo access to your server.
- Basic knowledge of DNS resolvers and server networking.
- WHM access for updating resolver configurations.
Understanding the Problem
Hosting providers or data centers often add DNS resolvers tied to their network into the server's /etc/resolv.conf file. While these resolvers generally work, there are instances where they may fail, such as when port 53 is closed, preventing dig from connecting:
dig google.com
<<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
When DNS resolvers go down, the server cannot resolve external domains, which can cause problems with email delivery, SPF/DKIM validation, and other DNS-related functions.
Step 1: Why Consider Public DNS Resolvers?
If your server is experiencing issues due to the default DNS resolvers, switching to a public DNS resolver with better uptime or faster response times can help. Public DNS resolvers are often more reliable and widely used across the internet.
Important: Some public DNS resolvers do not support spam RBLs (Real-time Blackhole Lists), so it's critical to review your Exim configuration and ensure spam filters are correctly set. This can be done via WHM:
WHM >> Home >> Service Configuration >> Exim Configuration
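One way to check RBL support before switching, as an added example that is not part of the original guide. It assumes Spamhaus ZEN as the RBL zone and its documented 127.255.255.x error codes; the function names and the script name in the comment are hypothetical.

```bash
#!/bin/bash
# Added example: does a resolver return usable DNSBL answers?
# Assumptions: Spamhaus ZEN as the RBL zone and its documented
# 127.255.255.x error codes; function names are hypothetical.
RBL_ZONE="${RBL_ZONE:-zen.spamhaus.org}"
RBL_TEST="2.0.0.127"   # 127.0.0.2 reversed: the always-listed test entry (RFC 5782)

# classify_rbl_answer ANSWER -> usable | refused | timeout | no-answer
# ANSWER is the raw output of `dig +short` for the test entry.
classify_rbl_answer() {
  case "$1" in
    *"timed out"*|*"no servers could be reached"*) echo "timeout"; return 0 ;;
  esac
  rbl_verdict="no-answer"
  for rbl_ip in $1; do
    case "$rbl_ip" in
      # Error code, not a listing: the RBL rejected this resolver's query.
      127.255.255.*) echo "refused"; return 0 ;;
      127.*) rbl_verdict="usable" ;;
    esac
  done
  echo "$rbl_verdict"
}

# check_resolver RESOLVER_IP: live lookup of the test entry via that resolver.
check_resolver() {
  rbl_answer=$(dig +short +time=3 +tries=1 "${RBL_TEST}.${RBL_ZONE}" A "@$1" 2>&1) || true
  classify_rbl_answer "$rbl_answer"
}

# Resolvers are passed as arguments, e.g. ./rbl-check.sh 8.8.8.8 1.1.1.1
for rbl_resolver in "$@"; do
  printf '%-16s %s\n' "$rbl_resolver" "$(check_resolver "$rbl_resolver")"
done
```

Only resolvers that report usable are suitable for RBL-based filtering in Exim.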
Step 2: Popular Public DNS Resolvers and Their Performance
We tested several public DNS resolvers for average latency. Your results may differ based on your server's location and network setup. Here are the average response times based on our testing from Houston, TX, USA:
Resolver | IP Addresses | Average Latency |
---|---|---|
UltraDNS | 156.154.71.1, 156.154.70.1 | 19.6667 ms |
Level 3 | 4.2.2.2, 4.2.2.1 | 22 ms |
Google | 8.8.8.8, 8.8.4.4 | 32.3333 ms |
Dyn | 216.146.35.35, 216.146.36.36 | 38 ms |
Cloudflare | 1.1.1.1, 1.0.0.1 | 50.6667 ms |
OpenDNS | 208.67.220.220, 208.67.222.222 | 58 ms |
Note: Since each server and network may differ, you should test the DNS resolvers on your server to determine the best one for your setup.
Step 3: Testing DNS Resolver Performance
To test the performance of different DNS resolvers, use the following bash script. This script tests each resolver three times and calculates the average response time:
To create and execute this script, follow these steps:
- Open a terminal on your Linux machine.
- Create a new bash script file. You can do this using a text editor like nano, vi, or vim. For example:
vim cpanel_resolver-finder.sh
Paste the script code into the file:
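#!/bin/bash
# Domain to look up; pass one as the first argument or default to google.com.
DOMAIN="${1:-google.com}"
echo "Testing common resolvers and calculating average response times by testing each resolver 3 times. This may take a few minutes"
echo
for resolver in 8.8.8.8 4.2.2.2 1.1.1.1 208.67.220.220 156.154.71.1 216.146.35.35
do
  echo "$resolver"
  for reps in {1..3}
  do
    # Print only the "Query time" value; a timed-out query prints nothing.
    dig "$DOMAIN" "@$resolver" | awk '/Query time:/ {print $4 " ms"}'
    sleep 3
  # Average over the replies actually received, so a timeout does not understate latency.
  done | awk '/ms/ {sum+=$1; n++} END {if (n) print "Ave time: ",sum/n, " ms"; else print "Ave time: no reply"}'
  echo
done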
Save the file and exit the editor. If using nano, you can save by pressing Ctrl + O, then exit with Ctrl + X.
Make the script executable by running the following command:
chmod +x cpanel_resolver-finder.sh
This script should work on any server with bash and dig installed. Run the script to identify which resolver has the fastest response time on your server.
./cpanel_resolver-finder.sh
The script will execute and test DNS resolution times for the specified resolvers.
Step 4: Update DNS Resolvers in WHM
Once you've identified the best DNS resolver based on your test results, you can update the resolver IPs via WHM:
- Log in to WHM as root.
- Navigate to Home >> Networking Setup >> Resolver Configuration.
- Click Proceed to start the configuration process.
- Update the IP addresses of the resolvers based on your testing results.
- Click Save to apply the new configuration.
Summary & Recommendation
Provider | Primary IPv4 | Secondary IPv4 | Pros | Cons |
---|---|---|---|---|
Google Public DNS | 8.8.8.8 | 8.8.4.4 | | |
Cloudflare DNS | 1.1.1.1 | 1.0.0.1 | | |
Quad9 DNS | 9.9.9.9 | 149.112.112.112 | | |
OpenDNS (Cisco) | 208.67.222.222 | 208.67.220.220 | | |
CleanBrowsing DNS | 185.228.168.9 | 185.228.169.9 | | |
Level 3 (CenturyLink / Lumen) | 4.2.2.1 | 4.2.2.2 | | |
Comodo Secure DNS | 8.26.56.26 | 8.20.247.20 | | |
AdGuard DNS | 94.140.14.14 | 94.140.15.15 | | |
Yandex DNS | 77.88.8.8 | 77.88.8.1 | | |
NextDNS | N/A (custom setup) | N/A (custom setup) | | |
Gotchas to Avoid
- Ensure that any public resolver you choose supports spam RBLs if they are used on your server.
- Test each DNS resolver in your environment to ensure you are selecting the fastest and most reliable option.
- Keep in mind that your network setup and server location can affect the performance of each DNS resolver.
As always, remember to update your server's resolver settings through WHM after testing.