Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 ... 7 8 [9] 10 11 ... 17

Author Topic: High packet loss on Virgin  (Read 32565 times)

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: High packet loss on Virgin
« Reply #120 on: June 11, 2020, 07:04:20 AM »

I'd be interested if those installing the update are able to revert the settings back to true DNS Resolver with DHCP hosts, and still be able to get decent latency plots.

Andy

Installed this morning, only uncheck, saved and applied "Enable Forwarding Mode" and a brief period of really bad pings then it cleared, I've now enabled forwarding mode, will test it again overnight tonight.

Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: High packet loss on Virgin
« Reply #121 on: June 11, 2020, 04:18:03 PM »

I'd be interested if those installing the update are able to revert the settings back to true DNS Resolver with DHCP hosts, and still be able to get decent latency plots.

Andy

You mean assign DNS to dynamic DHCP clients? (or whatever its called)  I believe that's inherently always going to be broken as Unbound has to be restarted every time a new host is added/removed, which takes down DNS for a few seconds.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: High packet loss on Virgin
« Reply #122 on: June 12, 2020, 04:40:51 PM »

I'd be interested if those installing the update are able to revert the settings back to true DNS Resolver with DHCP hosts, and still be able to get decent latency plots.

Andy


I dont suggest it, some devices phones etc. can be quite often updating dhcp, and you risk dns resolution outages if you try and do a lookup during a dns service restart.

If dhcp hostnames are important to you then setup dhcp static mapping for those devices.
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: High packet loss on Virgin
« Reply #123 on: June 12, 2020, 08:45:57 PM »

With Forwarding mode off I still latency spikes, so I've turned forwarding back on

Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: High packet loss on Virgin
« Reply #124 on: June 13, 2020, 09:53:16 PM »

With Forwarding mode off I still latency spikes, so I've turned forwarding back on



Do you actually notice them in use though or just on the graph?  They don't really look frequent enough to indicate a problem IMO.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: High packet loss on Virgin
« Reply #125 on: June 14, 2020, 07:24:59 AM »

No, but then I don't notice anything detrimental having forwarding mode on either.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: High packet loss on Virgin
« Reply #126 on: June 14, 2020, 08:28:11 PM »

We have to remember, ping is only a rough guide.  You can have huge ping latency but real-world performance be fine.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: High packet loss on Virgin
« Reply #127 on: June 16, 2020, 10:29:30 AM »

I'm well aware of that  ;) It certainly wasn't fine when I was having all the problems, it was that bad my daughters were complaining, it's only the tweaks we've made that have improved things. And that final tweak eliminates the last signs of it, with no detrimental effects.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: High packet loss on Virgin
« Reply #128 on: June 20, 2020, 06:04:19 AM »

I think the only benefits of direct dns mode (forwarding off) is if for privacy concerns you just dont want to use a MITM dns server for fear of logging, or for commercial use as for that direct has more benefits.  DNS lookups are not just a simple query for one A record, you have to also resolve NS, and other records, some times queries to glue servers as well, so the performance hit on direct mode can be quite significant with much more dns traffic.
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: High packet loss on Virgin
« Reply #129 on: June 21, 2020, 09:56:28 AM »

There is also the security of getting your results unfiltered from the source, especially domains using DNSSEC.

Even though they added the UI for DNS over TLS, the Netgate staff on the forum always go on about DNS Resolution being the correct way to do DNS.

I can see their logic though, theres always a lot of novices on the forum trying to use Google, Cloudflare and QUAD9, which can give unpredictable results if you randomly get different records back.  Full resolution means you aren't trusting someone to not modify the result.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: High packet loss on Virgin
« Reply #130 on: June 21, 2020, 12:23:05 PM »

well i trust them to serve proper dns response, the trust issue is down to logging, tracking, and out of the box configuration will have you using isp supplied dns forwarding, ip results been different? services like google will have many public facing ips, and using a different dns resolver ip could easily have a different one been picked.

it is normal behaviour for ip records to change frequently on some services.

but yeah if you have trust issues thats a reason to go direct.
« Last Edit: June 21, 2020, 12:27:02 PM by Chrysalis »
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: High packet loss on Virgin
« Reply #131 on: June 22, 2020, 12:17:40 AM »

well i trust them to serve proper dns response, the trust issue is down to logging, tracking, and out of the box configuration will have you using isp supplied dns forwarding, ip results been different? services like google will have many public facing ips, and using a different dns resolver ip could easily have a different one been picked.

it is normal behaviour for ip records to change frequently on some services.

but yeah if you have trust issues thats a reason to go direct.

I don't think that is what they mean, its that services like QUAD9 do filtering, like OpenDNS.  So sometimes you might get a filtered result, sometimes the real one, creating an inconsistent experience.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: High packet loss on Virgin
« Reply #132 on: June 22, 2020, 02:17:20 AM »

I dont know what they supposedly mean given I cannot find any posts of them telling people to not use forwarding, but if you are using a forwarder that filters, then unless you mixing it with another resolver that doesnt filter then it will be consistent.  The developers wrote their own dns over tls guide for cloudflare, they wouldnt do that if they didnt support such a configuration.

If someone misconfigures their unit that doesnt make a feature bad or good, thats just simply operator error.
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: High packet loss on Virgin
« Reply #133 on: June 23, 2020, 04:47:05 AM »

I never said it was bad, I said that there is less scope for user error and for DNSSEC a guarantee you are getting unfiltered DNS rather than trusting the upstream supplier to be honest about how they are managing DNS.

What the forums mods pointed out was if you are using DoT to avoid your ISP logging your DNS, you are still trusting the upstream resolver you are using to not log those requests.  Their logic being that if you are getting all DNS from the root servers, this is less likely to be an issue as any logging is spread across all those servers so no central place to retrieve all your history from.

I'm honestly not sure which side I'm on in this argument.  I kinda liked Cloudflare as my domains are hosted there, but have been using full resolution for a while now.  I do think perhaps I've had a few less resolution errors since doing so but its obviously impossible to really test.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: High packet loss on Virgin
« Reply #134 on: June 23, 2020, 09:52:57 AM »

Well yeah its the same for VPNs really dont trust your isp, so use a VPN, but then of course the VPN provider can log etc.

I have moved between different positions, at one point had DNSSEC resolution enabled as well, I have settled on using cloudflare DNS currently.  Going direct DNS doesnt protect you from MITM attacks either, thats why DNSSEC exists but the amount of domains DNSSEC enabled is a pittance and that has its own issues.

Cloudflare dont do trackable logging, unless you think they lying, but one thing I am sure on is I dont think direct DNS resolution is worth it for consumer use, DNS is so performance sensitive.

Ultimately in security there is a bunch of what if's and then there is a bunch of practical situations, if you end up getting your DNS records manipulated, unless its part of a feature like malware/parental filtering on the upstream provider, then its more then likely going to be a compromise on your own network.

Also one thing to consider as well, if your DNS queries are not encrypted, its trivial for an isp to intercept your lookups, try doing DNS encryption direct.

If you are really paranoid, which it sounds like you are, then you could use dnscrypt or something similar to your own private resolver hosted outside of the UK.  Which is what I used to do until I realised it really messes up some geo services (they may check DNS server country origin) include getting ip banned from amazon video.  After I switched to a mainstream forwarder service I realised I just wasnt that bothered enough anymore.

I think most people prefer a 3rd party service to log instead of their own isp as their isp already will have records with their personal details for billing purposes, so its fairly logical to conclude the further away the logging is from your isp the better.
« Last Edit: June 23, 2020, 10:05:49 AM by Chrysalis »
Logged
Pages: 1 ... 7 8 [9] 10 11 ... 17
 

anything