POSTS

My Internet is down, or is it?

I open my browser and go to google home page, and it does not open. Does it mean my internet is down? Not always.

Sometimes your ISP’s gateway works just fine, but their DNS servers are down, making you think that your internet is down. To understand more about this, let us see what DNS is.

Domain Name Server

In the beginning, when there were only a handful of servers in the whole internet, everyone probably simply remembered the IP address of the server they wanted to access. But over time, it was decided to use the Domain name system. Domain name servers (DNS servers) were used to “translate” / “look up” a domain name into an IP address. Once this was implemented, people only had to remember domain names (such as “google.co.in”) instead of remembering IP addresses (such as “74.125.236.183”). It’s kind of like how we have forgotten all our friends phone numbers, and use our phone’s phonebook to “look up” a phone number… or better still, don’t even show me the phone number, just dial it already.

When you fire up your browser and hit “google.co.in” in the address bar, the first thing the browser does is to perform a DNS lookup to find out what is the IP address for the given domain name. If your ISP’s DNS server is down, then you will not be able to see the google home page.

To cross check, open a terminal (in Linux) or a command line window (in Windows), and run the following command:

nslookup google.co.in

If you got an error message after a long delay, it means your DNS is not working. It may also mean that your gateway also is down… but that is not the scenario we are talking about.

Let us try to resolve the domain name using a different DNS server

For Linux users,

nslookup google.co.in - 8.8.8.8

For Windows users,

nslookup google.co.in 8.8.8.8

Google is running a DNS server with the IP address 8.8.8.8 (which is easy to remember). If you see results for this command, then it means that your internet is just fine, and only your ISP’s DNS is down. (If you still get error messages, then your gateway is probably down – you had better contact your ISP’s help line.)

Now all you need to do is change your network settings and manually set the Primary DNS server to 8.8.8.8

Once this is done, you might have to restart your browser, and everything should work fine now.

Another hint that your DNS server is down is, if Skype works fine, but you are not able to browse any website. Skype probably uses IP addresses internally, without using domain names.

A word of caution

While we all know that Google is a fantastic company, they are most likely logging all your DNS lookup requests. If you are up to some mischief, and get caught, and if the police request Google for the list of websites you have been visiting, they will give the list to police. Same applies if you are using your ISP’s DNS servers.

To overcome this, you can use OpenDNS’s DNS servers. OpenDNS servers are free to use, and they are less likely to hand over your browsing history to anyone. The primary DNS server is 208.67.222.222 and the second DNS server is 208.67.220.220

Here are the instructions to change your DNS server settings to use OpenDNS.

Advice for the paranoid

Even when you use OpenDNS servers, your ISP might still spy on you, simply because DNS lookups are not encrypted. So, if you are very conscious of your security, you better read up on DNSSEC and DNSCurve.

Even more paranoid?

If you are up to some mischief, or simply do not want your ISP to track which websites you are visiting, you need to get The Onion Router. Simple download the TOR browser bundle. It works by anonymizing your browsing by sending it around the world through various nodes. Hence, this might be slow, but quite secure. Of course, if you use your TOR to check your gmail or facebook, then god help you… your anonymity is blown!

So, which DNS Server is good for me?

It really depends. If you want speed, then you can try pinging various DNS servers and see which one has the least latency.

ping 8.8.8.8

64 bytes from 8.8.8.8: icmp_req=1 ttl=52 time=36.4 ms
64 bytes from 8.8.8.8: icmp_req=2 ttl=52 time=36.0 ms
64 bytes from 8.8.8.8: icmp_req=3 ttl=52 time=35.8 ms
64 bytes from 8.8.8.8: icmp_req=4 ttl=52 time=35.5 ms

As you can see, Google’s DNS server is just 36 milliseconds away (in my case). However, if you want some anonymity, then go with OpenDNS.