Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-27 Thread Grant Taylor via NANOG 

On 09/27/2018 08:10 AM, Josh Luthman wrote:

+1 for Yoni's recommendation of DNS Benchmark (Windows only).


I've heard of multiple people running Steve's free DNS Benchmark utility 
on Mac OS X and Linux via Wine.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-27 Thread Josh Luthman 
+1 for Yoni's recommendation of DNS Benchmark (Windows only).


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Sep 26, 2018 at 9:03 AM, Yoni Radzin  wrote:

>
> For Window’s clients, you might want to try out this freeware GRC tool for
> benchmarking DNS performance:
>
> https://www.grc.com/dns/benchmark.htm
>
> Cheers
>
> --
> *Yonatan (Yoni) Radzin*
> *yrad...@gmail.com *
>
> On Sep 26, 2018, at 3:59 AM, Michael Bullut  wrote:
>
> Hi Ross,
>
> How would you gauge good DNS performance?
>
> Warm regards,
>
> Michael.
>
>
> On Wed, 26 Sep 2018 at 10:50, Ross Tajvar  wrote:
>
>> Do note that ping response times are not a good indicator of DNS
>> performance.
>>
>> On Wed, Sep 26, 2018, 3:48 AM Michael Bullut  wrote:
>>
>>> Greetings Team,
>>>
>>> Has anyone deployed the aforementioned in your individual networks? A
>>> quick test suggests it is quite fast compared with Google's D.N.S.
>>> resolvers:
>>>
>>> *C:\Users\bullutm>ping 1.1.1.1*
>>>
>>> *Pinging 1.1.1.1 with 32 bytes of data:*
>>> *Reply from 1.1.1.1 : bytes=32 time=3ms TTL=61*
>>> *Reply from 1.1.1.1 : bytes=32 time=4ms TTL=61*
>>> *Reply from 1.1.1.1 : bytes=32 time=8ms TTL=61*
>>> *Reply from 1.1.1.1 : bytes=32 time=4ms TTL=61*
>>>
>>> *Ping statistics for 1.1.1.1 :*
>>> *Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),*
>>> *Approximate round trip times in milli-seconds:*
>>> *Minimum = 3ms, Maximum = 8ms, Average = 4ms*
>>>
>>> *C:\Users\bullutm>*
>>>
>>> *---*
>>>
>>> *C:\Users\bullutm>tracert 1.1.1.1*
>>>
>>> *Tracing route to one.one.one.one [1.1.1.1]*
>>> *over a maximum of 30 hops:*
>>>
>>> *  1 4 ms
>>>  3 ms
>>>  4 ms
>>> 10.101.129.254*
>>> *  2 6 ms
>>> 20 ms
>>>  7
>>>  ms
>>> 10.98.0.165*
>>> *  3 7 ms13 ms
>>> 15 ms
>>>   10.98.0.233*
>>> *  4 7 ms 5 ms 4 ms  one.one.one.one [1.1.1.1]*
>>>
>>> *Trace complete.*
>>>
>>> *C:\Users\bullutm>*
>>>
>>> Warm regards,
>>>
>>> Michael Bullut.
>>>
>>> ---
>>>
>>> *Cell:*
>>> *+254 723 393 114.**Skype Name:* *Michael Bullut.*
>>> *Twitter:*
>>> * @Kipsang *
>>> *Blog: http://www.kipsang.com/ *
>>> *E-mail:* *m...@kipsang.com *
>>>
>>> *---*
>>>
>>

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread Blake Hudson 




valdis.kletni...@vt.edu wrote on 9/26/2018 1:44 PM:

On Wed, 26 Sep 2018 10:52:07 +0300, Michael Bullut said:


Has anyone deployed the aforementioned in your individual networks? A quick
test suggests it is quite fast compared with Google's D.N.S. resolvers:
*Reply from 1.1.1.1 : bytes=32 time=3ms TTL=61*

3ms indicates you're hitting an instance that is fairly close by, network-wise.

Looking at your traceroute:

3     7 ms    13 ms    15 ms  10.98.0.233
4     7 ms     5 ms     4 ms  one.one.one.one [1.1.1.1]

The instance is apparently on the same subnet as your CGN exit point.  As such,
unless CloudFlare is deploying a *lot* of anycast instances, most people are
not going to have the joyous experience you have.

 From my desktop, 1.1.1.1 is 7 network hops away, compared to 8.8.8.8's 10 hops,
but the extra 3 hops inside AS15169 probably don't leave the building, and may
not even leave the rack. Both are right around 6.9ms away - while *our* network
presence there is 4 hops and also 6.9ms away and traceroute is showing jitter
larger than the difference between our router and either DNS service...



I'm not a proponent of using 1.1.1.1, but CloudFlare does have a good CDN:

Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time<1ms TTL=58
Reply from 1.1.1.1: bytes=32 time<1ms TTL=58
Reply from 1.1.1.1: bytes=32 time<1ms TTL=58
Reply from 1.1.1.1: bytes=32 time<1ms TTL=58


Tracing route to one.one.one.one [1.1.1.1]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  
  2    <1 ms    <1 ms    <1 ms  
  3    <1 ms    <1 ms    <1 ms 
  4 1 ms 1 ms 1 ms  209.152.151.8
  5 1 ms 1 ms 1 ms  38.140.136.177
  6 1 ms    <1 ms    <1 ms  38.140.136.74
  7    <1 ms    <1 ms    <1 ms  one.one.one.one [1.1.1.1]

Trace complete.


dig @1.1.1.1 cloudflare.com | grep 'Query time'
;; Query time: 1 msec
dig @1.1.1.1 nanog.org | grep 'Query time'
;; Query time: 28 msec

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread valdis . kletnieks 
On Wed, 26 Sep 2018 10:52:07 +0300, Michael Bullut said:

> Has anyone deployed the aforementioned in your individual networks? A quick
> test suggests it is quite fast compared with Google's D.N.S. resolvers:

> *Reply from 1.1.1.1 : bytes=32 time=3ms TTL=61*

3ms indicates you're hitting an instance that is fairly close by, network-wise.

Looking at your traceroute:

3     7 ms    13 ms    15 ms  10.98.0.233
4     7 ms     5 ms     4 ms  one.one.one.one [1.1.1.1]

The instance is apparently on the same subnet as your CGN exit point.  As such,
unless CloudFlare is deploying a *lot* of anycast instances, most people are
not going to have the joyous experience you have. 

>From my desktop, 1.1.1.1 is 7 network hops away, compared to 8.8.8.8's 10 hops,
but the extra 3 hops inside AS15169 probably don't leave the building, and may
not even leave the rack. Both are right around 6.9ms away - while *our* network
presence there is 4 hops and also 6.9ms away and traceroute is showing jitter
larger than the difference between our router and either DNS service...



pgpjSzKaxLaLy.pgp
Description: PGP signature

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread John Levine 
In article <87in2sy5eh@pc8.berlin.quux.de> you write:
>quick and dirty:
>
>jens@screen:~$ dig nanog.org @8.8.8.8 | grep "Query time"
>;; Query time: 16 msec
>jens@screen:~$ dig nanog.org @1.1.1.1 | grep "Query time"
>;; Query time: 3 msec

Yeah, that's super reliable:

$ drill nanog.org @1.1.1.1 | grep "Query time"
;; Query time: 31 msec
$ drill nanog.org @1.1.1.1 | grep "Query time"
;; Query time: 18 msec

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread Yoni Radzin 

For Window’s clients, you might want to try out this freeware GRC tool for 
benchmarking DNS performance:

https://www.grc.com/dns/benchmark.htm

Cheers

-- 
Yonatan (Yoni) Radzin
yrad...@gmail.com

> On Sep 26, 2018, at 3:59 AM, Michael Bullut  wrote:
> 
> Hi Ross,
> 
> How would you gauge good DNS performance? 
> 
> Warm regards, 
> 
> Michael.
> 
> 
>> On Wed, 26 Sep 2018 at 10:50, Ross Tajvar  wrote:
>> Do note that ping response times are not a good indicator of DNS performance.
>> 
>>> On Wed, Sep 26, 2018, 3:48 AM Michael Bullut  wrote:
>>> Greetings Team,
>>> 
>>> Has anyone deployed the aforementioned in your individual networks? A quick 
>>> test suggests it is quite fast compared with Google's D.N.S. resolvers:
>>> 
>>> C:\Users\bullutm>ping 1.1.1.1
>>> 
>>> Pinging 1.1.1.1 with 32 bytes of data:
>>> Reply from 1.1.1.1: bytes=32 time=3ms TTL=61
>>> Reply from 1.1.1.1: bytes=32 time=4ms TTL=61
>>> Reply from 1.1.1.1: bytes=32 time=8ms TTL=61
>>> Reply from 1.1.1.1: bytes=32 time=4ms TTL=61
>>> 
>>> Ping statistics for 1.1.1.1:
>>> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
>>> Approximate round trip times in milli-seconds:
>>> Minimum = 3ms, Maximum = 8ms, Average = 4ms
>>> 
>>> C:\Users\bullutm>
>>> 
>>> ---
>>> 
>>> C:\Users\bullutm>tracert 1.1.1.1
>>> 
>>> Tracing route to one.one.one.one [1.1.1.1]
>>> over a maximum of 30 hops:
>>> 
>>>   1 4 ms 3 ms 4 ms  10.101.129.254
>>>   2 6 ms20 ms 7 ms  10.98.0.165
>>>   3 7 ms13 ms15 ms  10.98.0.233
>>>   4 7 ms 5 ms 4 ms  one.one.one.one [1.1.1.1]
>>> 
>>> Trace complete.
>>> 
>>> C:\Users\bullutm>
>>> 
>>> Warm regards, 
>>> 
>>> Michael Bullut. 
>>> 
>>> ---
>>> 
>>> Cell: +254 723 393 114.
>>> Skype Name: Michael Bullut.
>>> Twitter: @Kipsang
>>> Blog: http://www.kipsang.com/
>>> E-mail: m...@kipsang.com
>>> 
>>> ---

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread Mike Hammett 
Seems like a good reason to not use Firefox. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: niels=na...@bakker.net 
To: nanog@nanog.org 
Sent: Wednesday, September 26, 2018 6:34:44 AM 
Subject: Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1) 

* na...@ics-il.net (Mike Hammett) [Wed 26 Sep 2018, 13:14 CEST]: 
>I recommend that eyeball networks don't run any external recursive 
>server for optimal CDN performance. Yes, some CDNs support other 
>methods, but not all. If not all do, then the requirement remains. 

+1 

https://blog.powerdns.com/2018/09/04/on-firefox-moving-dns-to-a-third-party/ 


-- Niels.

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread niels=nanog 

* na...@ics-il.net (Mike Hammett) [Wed 26 Sep 2018, 13:14 CEST]:
I recommend that eyeball networks don't run any external recursive 
server for optimal CDN performance. Yes, some CDNs support other 
methods, but not all. If not all do, then the requirement remains.


+1

https://blog.powerdns.com/2018/09/04/on-firefox-moving-dns-to-a-third-party/


-- Niels.

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread Mike Hammett 
I recommend that eyeball networks don't run any external recursive server for 
optimal CDN performance. Yes, some CDNs support other methods, but not all. If 
not all do, then the requirement remains. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Michael Bullut"  
To: nanog@nanog.org 
Sent: Wednesday, September 26, 2018 2:52:07 AM 
Subject: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1) 




Greetings Team, 


Has anyone deployed the aforementioned in your individual networks? A quick 
test suggests it is quite fast compared with Google's D.N.S. resolvers: 



C:\Users\bullutm>ping 1.1.1.1 


Pinging 1.1.1.1 with 32 bytes of data: 
Reply from 1.1.1.1 : bytes=32 time=3ms TTL=61 
Reply from 1.1.1.1 : bytes=32 time=4ms TTL=61 
Reply from 1.1.1.1 : bytes=32 time=8ms TTL=61 
Reply from 1.1.1.1 : bytes=32 time=4ms TTL=61 


Ping statistics for 1.1.1.1 : 
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), 
Approximate round trip times in milli-seconds: 
Minimum = 3ms, Maximum = 8ms, Average = 4ms 


C:\Users\bullutm> 



--- 


C:\Users\bullutm>tracert 1.1.1.1 


Tracing route to one.one.one.one [1.1.1.1] 
over a maximum of 30 hops: 


1 4 ms 3 ms 4 ms 10.101.129.254 
2 6 ms 20 ms 7 ms 10.98.0.165 
3 7 ms 13 ms 15 ms 10.98.0.233 
4 7 ms 5 ms 4 ms one.one.one.one [1.1.1.1] 


Trace complete. 


C:\Users\bullutm> 




Warm regards, 

Michael Bullut. 


--- 

Cell: +254 723 393 114. 
Skype Name: Michael Bullut. 

Twitter: @Kipsang 

Blog: http://www.kipsang.com/ 
E-mail: m...@kipsang.com 


---

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread Tony Finch 
Jens Link  wrote:
>
> jens@screen:~$ dig nanog.org @8.8.8.8 | grep "Query time"
> ;; Query time: 16 msec
> jens@screen:~$ dig nanog.org @1.1.1.1 | grep "Query time"
> ;; Query time: 3 msec

You can use dig -u to get microsecond resolution, e.g.

$ dig -u @131.111.8.42 nanog.org | grep time:
;; Query time: 611 usec

Tony.
-- 
f.anthony.n.finchhttp://dotat.at/
work to the benefit of all

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread Stephane Bortzmeyer 
On Wed, Sep 26, 2018 at 11:28:06AM +0200,
 Jens Link  wrote 
 a message of 14 lines which said:

> quick and dirty:

Indeed. For instance, the delay depends wether the cache it hot or
cold (measuring response time for an authoritative server is easier).

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread Jens Link 
Michael Bullut  writes:

> Hi Ross,
>
> How would you gauge good DNS performance? 

quick and dirty:

jens@screen:~$ dig nanog.org @8.8.8.8 | grep "Query time"
;; Query time: 16 msec
jens@screen:~$ dig nanog.org @1.1.1.1 | grep "Query time"
;; Query time: 3 msec

Jens

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread Stephane Bortzmeyer 
On Wed, Sep 26, 2018 at 09:21:21AM +0100,
 Colin Johnston  wrote 
 a message of 16 lines which said:

> also could use ripe atlas

Which embeds clients for ICMP Echo, DNS, NTP, TLS, arbitrary TCP (with
some hacks), and, with serious limitations, HTTP.

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread Colin Johnston 
also could use ripe atlas

Colin


> On 26 Sep 2018, at 09:15, Stephane Bortzmeyer  wrote:
> 
> On Wed, Sep 26, 2018 at 10:59:02AM +0300,
> Michael Bullut  wrote 
> a message of 192 lines which said:
> 
>> How would you gauge good DNS performance?
> 
> To test {XXX} performance, you use a {XXX} client, where XXX = DNS,
> HTTP, SSH, LDAP, etc.
>

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread Stephane Bortzmeyer 
On Wed, Sep 26, 2018 at 10:59:02AM +0300,
 Michael Bullut  wrote 
 a message of 192 lines which said:

> How would you gauge good DNS performance?

To test {XXX} performance, you use a {XXX} client, where XXX = DNS,
HTTP, SSH, LDAP, etc.

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread Stephane Bortzmeyer 
On Wed, Sep 26, 2018 at 10:52:07AM +0300,
 Michael Bullut  wrote 
 a message of 162 lines which said:

> Has anyone deployed the aforementioned in your individual networks?
> A quick test suggests it is quite fast compared with Google's
> D.N.S. resolvers:

Well, you don't test a DNS service with ICMP echo, for reasons you
certainly know.

Also, do not compare only public resolvers between themselves, also
compare with a local resolver (always the closest from the clients).

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread Michael Bullut 
Hi Ross,

How would you gauge good DNS performance?

Warm regards,

Michael.


On Wed, 26 Sep 2018 at 10:50, Ross Tajvar  wrote:

> Do note that ping response times are not a good indicator of DNS
> performance.
>
> On Wed, Sep 26, 2018, 3:48 AM Michael Bullut  wrote:
>
>> Greetings Team,
>>
>> Has anyone deployed the aforementioned in your individual networks? A
>> quick test suggests it is quite fast compared with Google's D.N.S.
>> resolvers:
>>
>> *C:\Users\bullutm>ping 1.1.1.1*
>>
>> *Pinging 1.1.1.1 with 32 bytes of data:*
>> *Reply from 1.1.1.1 : bytes=32 time=3ms TTL=61*
>> *Reply from 1.1.1.1 : bytes=32 time=4ms TTL=61*
>> *Reply from 1.1.1.1 : bytes=32 time=8ms TTL=61*
>> *Reply from 1.1.1.1 : bytes=32 time=4ms TTL=61*
>>
>> *Ping statistics for 1.1.1.1 :*
>> *Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),*
>> *Approximate round trip times in milli-seconds:*
>> *Minimum = 3ms, Maximum = 8ms, Average = 4ms*
>>
>> *C:\Users\bullutm>*
>>
>> *---*
>>
>> *C:\Users\bullutm>tracert 1.1.1.1*
>>
>> *Tracing route to one.one.one.one [1.1.1.1]*
>> *over a maximum of 30 hops:*
>>
>> *  1 4 ms 3 ms 4 ms  10.101.129.254*
>> *  2 6 ms20 ms 7 ms  10.98.0.165*
>> *  3 7 ms13 ms15 ms  10.98.0.233*
>> *  4 7 ms 5 ms 4 ms  one.one.one.one [1.1.1.1]*
>>
>> *Trace complete.*
>>
>> *C:\Users\bullutm>*
>>
>> Warm regards,
>>
>> Michael Bullut.
>>
>> ---
>>
>> *Cell:*
>> *+254 723 393 114.**Skype Name:* *Michael Bullut.*
>> *Twitter:*
>> * @Kipsang *
>> *Blog: http://www.kipsang.com/ *
>> *E-mail:* *m...@kipsang.com *
>>
>> *---*
>>
>

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread Ross Tajvar 
Do note that ping response times are not a good indicator of DNS
performance.

On Wed, Sep 26, 2018, 3:48 AM Michael Bullut  wrote:

> Greetings Team,
>
> Has anyone deployed the aforementioned in your individual networks? A
> quick test suggests it is quite fast compared with Google's D.N.S.
> resolvers:
>
> *C:\Users\bullutm>ping 1.1.1.1*
>
> *Pinging 1.1.1.1 with 32 bytes of data:*
> *Reply from 1.1.1.1 : bytes=32 time=3ms TTL=61*
> *Reply from 1.1.1.1 : bytes=32 time=4ms TTL=61*
> *Reply from 1.1.1.1 : bytes=32 time=8ms TTL=61*
> *Reply from 1.1.1.1 : bytes=32 time=4ms TTL=61*
>
> *Ping statistics for 1.1.1.1 :*
> *Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),*
> *Approximate round trip times in milli-seconds:*
> *Minimum = 3ms, Maximum = 8ms, Average = 4ms*
>
> *C:\Users\bullutm>*
>
> *---*
>
> *C:\Users\bullutm>tracert 1.1.1.1*
>
> *Tracing route to one.one.one.one [1.1.1.1]*
> *over a maximum of 30 hops:*
>
> *  1 4 ms 3 ms 4 ms  10.101.129.254*
> *  2 6 ms20 ms 7 ms  10.98.0.165*
> *  3 7 ms13 ms15 ms  10.98.0.233*
> *  4 7 ms 5 ms 4 ms  one.one.one.one [1.1.1.1]*
>
> *Trace complete.*
>
> *C:\Users\bullutm>*
>
> Warm regards,
>
> Michael Bullut.
>
> ---
>
> *Cell:*
> *+254 723 393 114.**Skype Name:* *Michael Bullut.*
> *Twitter:*
> * @Kipsang *
> *Blog: http://www.kipsang.com/ *
> *E-mail:* *m...@kipsang.com *
>
> *---*
>