I have been happily grinding my way through the excellent series of Mark Furneaux videos which @underzone recommended and just completed Part 7: DNS resolver and benchmarking. Unfortunately this is the last in the series and he has said he will not continue making them. I have some suspected DNS issues with my connections / routers so found this very informative.
My pfSense box is not quite ready yet but it is interesting to see that pfSense has a DNS caching server (unbound) built in and enabled by default. I can't find out if my current TP-Link TL-ER5120 has a DNS cache or not - I can't see any reference to it in the manual.
I can't test my own connection as I am currently at work in Africa but out of curiosity I downloaded namebench (it's super easy under Ubuntu as it is in the main repository and runs from the command line, i.e. `sudo apt-get install namebench` - it's also cross-platform and has a Windows exe). Namebench is really cool, can't wait to try it on my home network and set up the 'optimal' DNS servers on my pfSense box. I will certainly be running before and after tests with namebench on my network to evaluate the effect changing to my pfSense box has.
Just curious :
- Do you guys look at DNS server performance and optimise or just use the ISP default? Personally I have been using the OpenDNS service for the content filtering; I will use SquidGuard for this when I swap to pfSense.
- Have any of you tried using namebench and found significant / noticeable performance improvement?
- Do you know whether any of our usually recommended routers have DNS cache built in? It isn't documented for my TL-ER5120 but I have seen mention that it does, likewise the Zyxel VMG8924 - I can't seem to find an explicit reference.
It seems to me that unless DNS caching is a standard undocumented feature of routers generally, it puts pfSense at a distinct advantage (albeit probably not massively impactful for most people).
EDIT : I just found this article about installing a Bind DNS caching server using BusyBox. As the VMG8924 has access to BusyBox through the CLI I am guessing the same might be feasible (if you are geeky enough).
Cool beans,
Chunks