Re: [silk] Alternate DNS servers
Just to sum up the free DNS alternatives so far:

* Opendns [1]
* level3 [2]
* DNSadvantage [3]

All of the above use anycast [4] so you get automatically routed to the nearest server. It appears that DNSadvantage has a node in India, too.

Udhay

[1] https://www.opendns.com/
[2] Just use 4.2.2.x
[3] http://www.dnsadvantage.com/
[4] http://en.wikipedia.org/wiki/Anycast

For completeness and for later reference, adding the other alternatives, google DNS [5] and Comodo secure DNS [6].

[5] https://code.google.com/speed/public-dns/docs/using.html
[6] https://www.comodo.com/secure-dns/index.html

There is one well-known problem with public DNS resolvers, that they don't work well with Content Distribution Networks like Akamai [7]. There is a proposed solution that doesn't seem to have traction yet [8] - and now, another client-side solution that seems interesting [9] called namehelp. Anybody here who's used it want to comment?

Udhay

[7] http://www.cdnplanet.com/blog/real-world-cdn-performance-googledns-opendns-users/
[8] https://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-01
[9] http://aqualab.cs.northwestern.edu/projects/namehelp

--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
Re: [silk] Alternate DNS servers
Thaths,

* Thaths (tha...@gmail.com) [120327 11:37]:
On Tue, Mar 27, 2012 at 11:21 AM, Jon Cox j...@experiments.com wrote:

If a few 100ms delays end up being done serially it can be a pretty big deal.

Yes. But most OS resolvers are smart enough to cache DNS lookups, if not the record's full TTLs, at least enough to not have to look up the same host multiple times when downloading IMG and SCRIPT SRCes.

There are a few places where DNS values records can be cached; some of these caches are rather small by default, which means stuff gets kicked out before the TTL is over. These extra caches include:

o browsers
  - On some versions of firefox, you get around 20 by default. See about:config and look at Network.dnsCacheEntries
o OS
  - On various flavors of Windows, see registry values under: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters (default hash table size: 384)
  - On linux, you might be using nscd, pdnsd, or whatever else.
o Proxy servers

Rather than use someone else's server for recursive resolution, I prefer to just run tinydns+dnscache locally.

Quis custodiet ipsos custodes? Even with tinydns and dnscache, your upstream DNS might be brain dead? Verizon and Comcast (two large, popular ISPs hereabouts) have gotten into the annoying habit of trying to monetize NXDOMAINs.

No -- that's part of the beauty of using dnscache! Rather than have your ISP do the recursive resolution, dnscache handles it. For dnscache to fail, *all* the root servers would need to be down, in which case everybody on the net would be completely hosed anyway. Using dnscache makes DNS failures brownouts at your ISP completely irrelevant!

By default dnscache gives you a 1M cache, which is configurable via /service/dnscache/env/CACHESIZE and even gives you tools to see how effective it is (see: http://cr.yp.to/djbdns/cachesize.html ).

I hope this helps,
-Jon
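
The NXDOMAIN monetization raised in the message above can be checked for on whichever resolver a machine is using. The following is an added example, not part of the original thread: it asks for random names under the reserved `.invalid` TLD, which must never resolve, and reports any resolver that answers with addresses anyway. The function names and the `203.0.113.10` sample address are constructed for illustration.

```python
import secrets
import socket


def system_resolve(name):
    """Resolve through the OS stub resolver; return addresses, [] on failure."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_nxdomain_rewriting(resolve=system_resolve, probes=3, suffix="invalid"):
    """Probe random names that cannot exist and see whether they get answers.

    `.invalid` is reserved (RFC 6761), so an honest resolver returns NXDOMAIN.
    The trailing dot makes each name fully qualified, so local search
    domains are not appended to it.
    """
    answers = {}
    for _ in range(probes):
        name = f"{secrets.token_hex(12)}.{suffix}."
        answers[name] = resolve(name)

    # Any probe that came back with addresses was rewritten by the resolver.
    hits = {name: addrs for name, addrs in answers.items() if addrs}
    # Addresses common to every rewritten probe point at the landing server.
    landing = set.intersection(*(set(a) for a in hits.values())) if hits else set()
    return {"rewritten": bool(hits), "hits": hits, "landing": sorted(landing)}


if __name__ == "__main__":
    # Constructed resolvers so the demo runs offline; call
    # check_nxdomain_rewriting() with no arguments to test the live resolver.
    honest = lambda name: []
    rewriting = lambda name: ["203.0.113.10"]  # constructed landing address
    print("honest   :", check_nxdomain_rewriting(resolve=honest)["rewritten"])
    print("rewriting:", check_nxdomain_rewriting(resolve=rewriting)["landing"])
```

Running it once against the ISP's resolver and once against a local recursive cache such as dnscache shows whether the rewriting happens upstream.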
Re: [silk] Alternate DNS servers
Jon Cox [28/03/12 18:34 -0700]:

By default dnscache gives you a 1M cache, which is configurable via /service/dnscache/env/CACHESIZE and even gives you tools to see how effective it is (see: http://cr.yp.to/djbdns/cachesize.html ).

It is very nice, useful - except that djb has weird and wonderful ideas about dns, it needs a lot of patching (and idiosyncratically written patches at that) for v6 etc etc.

You might try this -

Package: pdns-recursor
Priority: extra
Section: net
Installed-Size: 1344
Maintainer: Matthijs Mohlmann matth...@cacholong.nl
Architecture: i386
Version: 3.2-4
Replaces: pdns
Depends: libc6 (= 2.3.6-6~), libgcc1 (= 1:4.1.1), liblua5.1-0, libstdc++6 (= 4.4.0), lsb-base (= 3.0-6), adduser
Recommends: pdns-doc
Filename: pool/main/p/pdns-recursor/pdns-recursor_3.2-4_i386.deb
Size: 548202
MD5sum: 076639760dd9753a711774f30cdc8fdc
SHA1: 3ab18085e7d3b6130996276226306ab47ab569c5
SHA256: 9e0121bbbf513b457457d7c58220841694cf0f8e5d2ab0040df1cd453a215108
Description: PowerDNS recursor
 PowerDNS is a versatile nameserver which supports a large number
 of different backends ranging from simple zonefiles to relational
 databases and load balancing/failover algorithms.
 PowerDNS tries to emphasize speed and security.
 .
 This is the recursive nameserver that goes out to the internet and
 resolve queries about other domains.
Tag: interface::daemon, network::server, network::service, protocol::dns, role::program
Re: [silk] Alternate DNS servers
Suresh,

I've looked at a few alternatives because of v6 but it looks like that's still 10 years away from mattering. What real-world website that you actually care about will have an IPv4 only address? That's the sad truth about ipv6 -- it's a parallel stack instead of an embedded address space, so the uptake has been negligible, even with the spectre of address exhaustion.

My guess is that when the time comes, consumers will get IPv6 addresses from their ISPs, and destinations on the web will continue to use IPv4 more or less forever. If that's true, then IPv6 DNS will probably never matter in terms of web browsing.

In any event, that's my reason for sticking with dnscache. It works, and the only reason I have for moving off of it is maybe needing to apply a patch 10 years from now. It did require a bit of fiddling at first though, that's for sure. The setup I finally settled with was an /etc/inittab entry like this:

#--
# Wanted to start all the DJB services (e.g.: djbdns)
# using multilog rather than readproctitle
# See: http://thedjbway.org/svscanboot.html
#
# Therefore, svscanboot is now defunct:
# SV:123456:respawn:/usr/bin/svscanboot
#
# Now using svscan-start instead, which just uses
# multilogger (rather than readproctitle).
#
# To see svscan service log:
# % cat /var/log/multilog/svscan-service/current | tai64nlocal
#
#
# NOTE: Unlike the typical svscan setup, I made /service
# empty on startup, and then allow svscan to start things
# up by making /etc/init.d scripts that create the appropriate
# symlink (e.g.: /service/dnscache -> /etc/dnscache )
# at the right runlevel. This allows daemontools to
# mesh more cleanly with the djb way; it allows me to
# have a conventional start/stop script yet provides
# the monitoring via svscan. Another nice feature is that
# it lets me start stuff like tinydns right after the
# network devices are up. This was harder to do in the
# conventional djb setup, and avoids having to hard-code
# IP addresses in other init.d scripts. For example of
# how the generic start/stop scripts work with svscan, see:
# /etc/init.d/tinydns
#
#--
SV:123456:respawn:/usr/local/bin/svscan-start
#--

I also wrote a start/stop script for a DJB daemontools style daemon. When the machine boots up, /service is emptied, and svscan is run. Then whenever you want, a generic daemontools start/stop script

The daemon this script runs is determined by its filename. For example, if this file is /etc/init.d/tinydns then /etc/tinydns is linked to /service/tinydns, which causes svscan to run tinydns. This arrangement allows daemontools to live in harmony with the more standard /etc/init.d way of doing things. As a benefit, you also get to start/stop daemons by hand w/o needing to remember the syntax for the 'svc' program.

-Jon

* Suresh Ramasubramanian (sur...@hserus.net) [120328 18:49]:
Jon Cox [28/03/12 18:34 -0700]:

By default dnscache gives you a 1M cache, which is configurable via /service/dnscache/env/CACHESIZE and even gives you tools to see how effective it is (see: http://cr.yp.to/djbdns/cachesize.html ).

It is very nice, useful - except that djb has weird and wonderful ideas about dns, it needs a lot of patching (and idiosyncratically written patches at that) for v6 etc etc.

You might try this -

Package: pdns-recursor
Priority: extra
Section: net
Installed-Size: 1344
Maintainer: Matthijs Mohlmann matth...@cacholong.nl
Architecture: i386
Version: 3.2-4
Replaces: pdns
Depends: libc6 (= 2.3.6-6~), libgcc1 (= 1:4.1.1), liblua5.1-0, libstdc++6 (= 4.4.0), lsb-base (= 3.0-6), adduser
Recommends: pdns-doc
Filename: pool/main/p/pdns-recursor/pdns-recursor_3.2-4_i386.deb
Size: 548202
MD5sum: 076639760dd9753a711774f30cdc8fdc
SHA1: 3ab18085e7d3b6130996276226306ab47ab569c5
SHA256: 9e0121bbbf513b457457d7c58220841694cf0f8e5d2ab0040df1cd453a215108
Description: PowerDNS recursor
 PowerDNS is a versatile nameserver which supports a large number
 of different backends ranging from simple zonefiles to relational
 databases and load balancing/failover algorithms.
 PowerDNS tries to emphasize speed and security.
 .
 This is the recursive nameserver that goes out to the internet and
 resolve queries about other domains.
Tag: interface::daemon, network::server, network::service, protocol::dns, role::program
Re: [silk] Alternate DNS servers
On Mon, Mar 26, 2012 at 6:44 PM, Udhay Shankar N ud...@pobox.com wrote:
On 06-Nov-08 7:22 AM, Udhay Shankar N wrote:

Just to sum up the free DNS alternatives so far:

* Opendns [1]
* level3 [2]
* DNSadvantage [3]

All of the above use anycast [4] so you get automatically routed to the nearest server. It appears that DNSadvantage has a node in India, too.

Does the DNS server make so much difference for non heavy users ?? I have experimented with various and really not been able to make out the difference in speed unless I am missing out something

Deepak
Re: [silk] Alternate DNS servers
On Tue, Mar 27, 2012 at 8:25 AM, Deepak Misra yahoogro...@deepakmisra.com wrote:

Does the DNS server make so much difference for non heavy users ?? I have experimented with various and really not been able to make out the difference in speed unless I am missing out something

They do make some difference - but not something you might consciously notice. The 100-odd milliseconds they save are more than eaten up by the bloat that most websites have.

Thaths
--
Homer: Hey, what does this job pay?
Carl: Nuthin'.
Homer: D'oh!
Carl: Unless you're crooked.
Homer: Woo-hoo!
Sudhakar Chandra    Slacker Without Borders
Re: [silk] Alternate DNS servers
Thaths,

If a few 100ms delays end up being done serially it can be a pretty big deal. Rather than use someone else's server for recursive resolution, I prefer to just run tinydns+dnscache locally.

-Jon

* Thaths (tha...@gmail.com) [120327 08:32]:
On Tue, Mar 27, 2012 at 8:25 AM, Deepak Misra yahoogro...@deepakmisra.com wrote:

Does the DNS server make so much difference for non heavy users ?? I have experimented with various and really not been able to make out the difference in speed unless I am missing out something

They do make some difference - but not something you might consciously notice. The 100-odd milliseconds they save are more than eaten up by the bloat that most websites have.

Thaths
--
Homer: Hey, what does this job pay?
Carl: Nuthin'.
Homer: D'oh!
Carl: Unless you're crooked.
Homer: Woo-hoo!
Sudhakar Chandra    Slacker Without Borders
Re: [silk] Alternate DNS servers
On Tue, Mar 27, 2012 at 11:21 AM, Jon Cox j...@experiments.com wrote:

If a few 100ms delays end up being done serially it can be a pretty big deal.

Yes. But most OS resolvers are smart enough to cache DNS lookups, if not the record's full TTLs, at least enough to not have to look up the same host multiple times when downloading IMG and SCRIPT SRCes.

Rather than use someone else's server for recursive resolution, I prefer to just run tinydns+dnscache locally.

Quis custodiet ipsos custodes? Even with tinydns and dnscache, your upstream DNS might be brain dead? Verizon and Comcast (two large, popular ISPs hereabouts) have gotten into the annoying habit of trying to monetize NXDOMAINs.

Thaths
--
Homer: Hey, what does this job pay?
Carl: Nuthin'.
Homer: D'oh!
Carl: Unless you're crooked.
Homer: Woo-hoo!
Sudhakar Chandra    Slacker Without Borders
Re: [silk] Alternate DNS servers
On 06-Nov-08 7:22 AM, Udhay Shankar N wrote:

Just to sum up the free DNS alternatives so far:

* Opendns [1]
* level3 [2]
* DNSadvantage [3]

All of the above use anycast [4] so you get automatically routed to the nearest server. It appears that DNSadvantage has a node in India, too.

Udhay

[1] https://www.opendns.com/
[2] Just use 4.2.2.x
[3] http://www.dnsadvantage.com/
[4] http://en.wikipedia.org/wiki/Anycast

For completeness and for later reference, adding the other alternatives, google DNS [5] and Comodo secure DNS [6].

[5] https://code.google.com/speed/public-dns/docs/using.html
[6] https://www.comodo.com/secure-dns/index.html

--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
Re: [silk] Alternate DNS servers
Jude Britto [04/12/09 13:26 +0530]:

Google Public DNS launched yesterday:
http://code.google.com/speed/public-dns/
http://googleblog.blogspot.com/2009/12/introducing-google-public-dns.html

and iljitsch on ars technica -
http://arstechnica.com/security/news/2009/12/google-public-dns-service-not-ideal-for-everyone.ars
Re: [silk] Alternate DNS servers
On Friday 04 December 2009 01:34 PM, Suresh Ramasubramanian wrote:
Jude Britto [04/12/09 13:26 +0530]:

Google Public DNS launched yesterday:
http://code.google.com/speed/public-dns/
http://googleblog.blogspot.com/2009/12/introducing-google-public-dns.html

and iljitsch on ars technica -
http://arstechnica.com/security/news/2009/12/google-public-dns-service-not-ideal-for-everyone.ars

and OpenDNS's founder (via CircleID):
http://blog.opendns.com/2009/12/03/opendns-google-dns/
Re: [silk] Alternate DNS servers
Pranesh Prakash [04/12/09 13:36 +0530]:
On Friday 04 December 2009 01:34 PM, Suresh Ramasubramanian wrote:
Jude Britto [04/12/09 13:26 +0530]:

Google Public DNS launched yesterday:
http://code.google.com/speed/public-dns/
http://googleblog.blogspot.com/2009/12/introducing-google-public-dns.html

and iljitsch on ars technica -
http://arstechnica.com/security/news/2009/12/google-public-dns-service-not-ideal-for-everyone.ars

and OpenDNS's founder (via CircleID):
http://blog.opendns.com/2009/12/03/opendns-google-dns/

And for the other side, google's most fervent fanboi on Dave Farber's IP ..
http://lauren.vortex.com/archive/000645.html
Re: [silk] Alternate DNS servers
On Fri, Dec 4, 2009 at 12:06 AM, Pranesh Prakash the.solips...@gmail.com wrote:

and OpenDNS's founder (via CircleID):
http://blog.opendns.com/2009/12/03/opendns-google-dns/

#include not-speaking-for-employer.h

1. We are different
2. The fact that they are doing what we are doing means that we've been doing the right thing all along
3. They could do evil stuff in the future
3. (b) (sotto voce) Nevermind we do evil stuff *today*
4. Good for them for doing this
5. But beware! They could do evil stuff in the future

I found too much FUD and contradictions in that blog post.

Thaths
--
Marge, you being a cop makes you the man! Which makes me the woman... and I have no interest in that, besides wearing the occasional underwear, which as we discussed is strictly a comfort thing. -- Homer J. Simpson
Sudhakar Chandra    Slacker Without Borders
Re: [silk] Alternate DNS servers
Google Public DNS launched yesterday:
http://code.google.com/speed/public-dns/
http://googleblog.blogspot.com/2009/12/introducing-google-public-dns.html
[silk] Alternate DNS servers
[retitling this to make it easier to find in the archives later]

On Wed, Oct 29, 2008 at 4:19 PM, Ramakrishnan Sundaram [EMAIL PROTECTED] wrote:

I was using OpenDNS for a while for both my home and office networks, but have stopped recently. Am currently using Level 3's servers.

Just to sum up the free DNS alternatives so far:

* Opendns [1]
* level3 [2]
* DNSadvantage [3]

All of the above use anycast [4] so you get automatically routed to the nearest server. It appears that DNSadvantage has a node in India, too.

Udhay

[1] https://www.opendns.com/
[2] Just use 4.2.2.x
[3] http://www.dnsadvantage.com/
[4] http://en.wikipedia.org/wiki/Anycast

--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))