Sometimes hosting providers or data centers use DNS resolvers tied to their network and add them to the /etc/resolv.conf file in the server's operating system. While these resolvers usually work, there are times where they may not run correctly or even go down for a short amount of time. This can occur when port 53 is closed and dig cannot connect, for example:
dig google.com
<<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
During these times, the server is generally unable to make requests or resolve any external domains. This can lead to issues with email sending and/or validating SPF and DKIM records. Depending on the reliability of the DNS resolvers, you may want to switch to a public DNS resolver that has faster response times or better uptime.
Note that some public resolvers do not allow spam RBLs to function on the server. We recommend checking the Exim configuration through WHM in Home >> Service Configuration >> Exim Configuration to ensure that your server does not have any spam RBLs enabled.
There are quite a few different public DNS resolvers out there, and we tested some of the more popular DNS resolvers available worldwide. The server we tested is located in Houston, TX, USA, so your results may differ depending on your server location. Here are the common public DNS resolvers and average testing times, which may help you determine which resolvers are best for your server:
Resolver AvgLatency
Cloudflare (1.1.1.1, 1.0.0.1) 4.66 ms
Level 3 (4.2.2.2, 4.2.2.1) 11.66 ms
OpenDNS (208.67.220.220, 208.67.222.222) 12.33 ms
Ultra (156.154.71.1, 156.154.70.1) 17.66 ms
Google (8.8.8.8, 8.8.4.4) 20.33 ms
Dyn (216.146.35.35, 216.146.36.36) 67.66 ms
Since each server and its attached network may be set up differently, we recommend testing the resolvers yourself in case they are faster than in our testing. Note that any scripts mentioned in our articles are not supported by cPanel technical support. If you have issues with the script, we recommend reaching out to a qualified system administrator for further assistance.
We used the following bash script in our testing. The script should work on any server with bash and dig installed; however, reach out to your system administrator if you have any issues.
#/bin/bash
DOMAIN=cpanel.net;
echo "Testing common resolvers and calculating average response times by testing each resolver 3 times. This may take a few minutes"
echo
for resolver in 8.8.8.8 4.2.2.2 1.1.1.1 208.67.220.220 156.154.71.1 216.146.35.35
do
echo $resolver
for reps in {1..3}
do
dig $DOMAIN @$resolver | awk '/time/ {print $4 " ms"}'
sleep 3
done |awk '/ms/ {sum+=$1} END {print "Ave time: ",sum/3, " ms"}'
echo
done
Once you have determined the best resolvers from the list of averages, update the resolver IPs through WHM:
- Log in to WHM as root.
- Navigate to Home >> Networking Setup >> Resolver Configuration.
- Select Proceed.
- Update the IPs.
- Save the new configuration.
For more information about the resolver configuration settings, refer to our documentation guide here.