People should use their ISP's DNS as well which is often <5ms. I've never bothered using an off-net DNS provider for this reason given how much faster it is to use an on-net caching DNS resolver provided by my ISP.
It depends on the competency of your ISP and how aggressive they are about so-called features. In several cases, the ISP-provided DNS decided not to return NX results and instead returned a page of ads, which was great for email servers, back in the day. The other failure mode I've seen is that the ISP's DNS servers are overloaded and take several seconds to respond.
There's also the reality that using your ISP's DNS almost entirely moots any VPN you use. The main reason to use a VPN is to hide your browsing from your ISP and anyone your ISP might be reporting to (in the US, for example, we've seen several programs where the government intercepts ISP data at special places in interconnects, so even if your ISP publicly says your DNS is safe, it could actually be logged to a spy database associated to you).
When you use a VPN and then immediately send all your DNS lookups right back to your ISP... Hey I wonder where this person is actually from! Maybe the geographical area of the regional ISP that all their DNS lookups are coming from...
>People should use their ISP's DNS as well which is often <5ms. I've never bothered using an off-net DNS provider for this reason given how much faster it is to use an on-net caching DNS resolver provided by my ISP.
I've been using a local recursive resolver for the past 2-3 years and haven't seen a noticeable difference in resolution times as compared with using my ISP's resolver.
I would guess that using a local recursive resolver (although it caches as well, so that's less of an issue with items in-cache) increases resolution times, but only on the order of tens of milliseconds.
Which is peanuts compared to client/server query response times, especially if requests return data- and/or JavaScript-heavy results.
And given that many ISPs mine their customers' DNS queries and sometimes return incorrect (from the perspective of the customer) results, I'd rather not use my ISP's resolvers -- and that hasn't had any noticeable impact on responses to browser requests.
In fact, uMatrix tends to slow things down much more for me as I often have to choose which scripts/3rd party assets/etc. to allow in order to browse a particular site -- or just to abandon the attempt if there's too much cruft.
That especially annoys me when I need to load scripts from several different sites just to view text. In those cases, I usually just close the tab.
In my experience, ISPs' DNS servers are slower compared to 8.8.8.8 or 1.1.1.1, especially for "complex" lookups where there are as many as 6 CNAMEs in the DNS chain.
Also, they often run a single instance of BIND, with little to no load-balancing.
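
A check for the NX rewriting described earlier in the thread, as an added example that is not part of any comment: it classifies a resolver's raw reply to a query for a name that cannot exist. The probe name, the function names and both sample replies are constructed for illustration.

```python
import struct

PROBE = "constructed-probe.invalid"  # assumed probe; .invalid is reserved and never resolves

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def classify_probe(msg):
    """Classify a reply to a query for a name known not to exist."""
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    rcode = flags & 0x000F
    if rcode == 3:                     # NXDOMAIN: the honest answer
        return ("nxdomain", [])
    off = 12
    for _ in range(qd):                # skip question: name + QTYPE + QCLASS
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    # NOERROR plus an address for a nonexistent name means the resolver rewrote NXDOMAIN
    return ("rewritten", addrs) if rcode == 0 and addrs else ("other", addrs)

def build_reply(flags, answers=()):
    """Build a constructed sample reply for PROBE (test data, not a capture)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in PROBE.split(".")) + b"\x00"
    body = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(ip)
                    for ip in answers)
    header = struct.pack("!6H", 0x1234, flags, 1, len(answers), 0, 0)
    return header + qname + struct.pack("!HH", 1, 1) + body

HONEST = build_reply(0x8183)                        # QR+RD+RA, RCODE=3
REWRITTEN = build_reply(0x8180, [(192, 0, 2, 80)])  # NOERROR + A (TEST-NET-1 address)

if __name__ == "__main__":
    for label, reply in (("honest", HONEST), ("rewritten", REWRITTEN)):
        print(label, classify_probe(reply))
```

Run against a real resolver, a "rewritten" result for a `.invalid` name is the behaviour that breaks mail servers and anything else that relies on negative answers.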