Kitz ADSL Broadband Information

Author Topic: DNS Servers  (Read 6791 times)

maxheadroom

  • Reg Member
  • ***
  • Posts: 150
DNS Servers
« on: December 23, 2021, 07:40:13 PM »

I originally used the TalkTalk DNS server as it was already set up in the router. I then tried OpenDNS as it was recommended and it seemed faster. Over the year I have tried Google, OpenDNS and Cloudflare DNS instead of TalkTalk. Does it really make much difference?

Please move this if it's in the wrong forum.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: DNS Servers
« Reply #1 on: December 23, 2021, 10:56:58 PM »

They’re all pretty good in my opinion. It’s just about who you trust in respect of privacy concerns. Your own ISP’s DNS servers ought to be the fastest since they’re the closest, unless they’re rubbish because they’re overburdened in which case try the second ISP DNS server listed, worth a go. It’s definitely worth pinging every DNS server that you try.
Logged

meritez

  • Content Team
  • Kitizen
  • *
  • Posts: 1623
Re: DNS Servers
« Reply #2 on: December 23, 2021, 11:24:49 PM »

I use the following:

Code:
https://dns10.quad9.net/dns-query
https://dns-unfiltered.adguard.com/dns-query
https://doh.opendns.com/dns-query
https://dns.google/dns-query
https://dns.cloudflare.com/dns-query
https://dns.switch.ch/dns-query

And the following as bootstrap to resolve the IP addresses of the above:

Code:
9.9.9.10
149.112.112.10
2620:fe::10
2620:fe::fe:10

Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: DNS Servers
« Reply #3 on: December 24, 2021, 05:55:08 AM »

I think it was on the Netgate forum where they highly recommended you NOT use different DNS providers concurrently, as them potentially giving different results (some are filtered, I believe Quad9 is) could cause issues.

I believe there may also be some merit in using ISP providers in that they know their peering and routing so may return results preferring specific CDNs.  Although as I understand it most public DNS providers also consider your geolocation in their results.
« Last Edit: December 24, 2021, 05:58:25 AM by Alex Atkin UK »
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

meritez

  • Content Team
  • Kitizen
  • *
  • Posts: 1623
Re: DNS Servers
« Reply #4 on: December 24, 2021, 06:10:45 AM »

Quote
Is there a service that Quad9 offers that does not have the blocklist or other security?
The primary IP address for Quad9 is 9.9.9.9, which includes the blocklist, DNSSEC validation, and other security features. However, we do provide an unsecured service and it can be helpful in determining if there are false positives in the Quad9 threat feed or DNSSEC errors with a specific domain.

Unsecured IP: 9.9.9.10 Provides: No security blocklist, no DNSSEC, No EDNS Client-Subnet sent. Please use the unsecured secondary address of 149.112.112.10

IPv6: 2620:fe::10, 2620:fe::fe:10

https://www.quad9.net/support/faq/

Logged

craigski

  • Reg Member
  • ***
  • Posts: 294
Re: DNS Servers
« Reply #5 on: December 24, 2021, 10:14:27 AM »

In terms of performance, this may help you decide:

https://www.dnsperf.com/#!dns-resolvers,Europe

Note that you may see Cisco Umbrella listed, this is another name for OpenDNS.
Logged

broadstairs

  • Kitizen
  • ****
  • Posts: 3697
Re: DNS Servers
« Reply #6 on: December 24, 2021, 10:40:09 AM »

I use the fastest servers by using DNSBench from Gibson Research.

Stuart
Logged
ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP

4candles

  • Kitizen
  • ****
  • Posts: 3297
  • Not young enough to know everything
Re: DNS Servers
« Reply #7 on: December 24, 2021, 03:59:57 PM »

Quote
I use the fastest servers by using DNSBench from Gibson Research.

Stuart

+1

Results vary from day to day and hour to hour, but some BT ones are consistently near the top so I use them with Plusnet.
Logged
To err is human - to purr feline
Zen FTTC 40/10 + Digital Voice   FRITZ!Box 7530

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: DNS Servers
« Reply #8 on: December 24, 2021, 04:18:22 PM »

Over the years I have used:
  • ISP provided. (Stopped using when their "nanny knows best" policy became apparent.)
  • OpenDNS. (Stopped using when advertisements were shown rather than the true error messages in error situations.)
  • Google. (Stopped using due to their obsession in documenting and archiving everything.)
  • Quad 9. (Stopped using due to their "nanny knows best" policy.)
Now currently using Cloudflare's public resolver (1.1.1.1) and have configured Firefox to use DNS over HTTPS (as Cloudflare provides the service).

[Edited to fix typo.]
« Last Edit: December 24, 2021, 09:21:32 PM by burakkucat »
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.


maxheadroom

  • Reg Member
  • ***
  • Posts: 150
Re: DNS Servers
« Reply #9 on: December 24, 2021, 08:33:47 PM »

Thanks all.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: DNS Servers
« Reply #10 on: December 24, 2021, 10:58:53 PM »

I made a list for my firewall configuration (to block DoH requests directly from clients) for all the variants of the public servers excluding OpenDNS. I will share it here with you guys, so it is a convenience list.

1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001 Cloudflare No Filter
1.1.1.2 1.0.0.2 2606:4700:4700::1112 2606:4700:4700::1002 Cloudflare Malware Filter
1.1.1.3 1.0.0.3 2606:4700:4700::1113 2606:4700:4700::1003 Cloudflare Malware and Family Filter
8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844 Google No Filter, Tracked, supports ECS
9.9.9.9 149.112.112.9 149.112.112.112 2620:fe::9 2620:fe::fe:9 2620:fe::fe Quad9 Malware Filter
9.9.9.10 149.112.112.10 2620:fe::10 2620:fe::fe:10 Quad9 No Filter
9.9.9.11 149.112.112.11 2620:fe::11 2620:fe::fe:11 Quad9 Malware Filter and supports ECS
9.9.9.12 149.112.112.12 2620:fe::12 2620:fe::fe:12 Quad9 No Filter, supports ECS

The ECS I mentioned references a feature that supposedly helps get maximum CDN performance. Netflix I think have taken issue with Cloudflare not passing it on; Cloudflare state they are in discussions for CDNs to do their optimisation without the privacy exposure.  My personal opinion is I have noticed no bad performance from CDN based content with ECS data omitted.

In regards to performance, Quad9 is faster for me unencrypted vs Cloudflare. I tried Quad9 DNSCrypt, which had awful glaring issues, latency all over the place including timeouts, whilst my personal DNSCrypt tunnel had no such issues.  I then tried Cloudflare DoH, which has been working really well, and that is my current configuration: I use the .2 malware servers, dual stack, primary IPv4 with secondary IPv6. My DoH is done via dnscrypt-proxy (in DoH mode) on my firewall, and the unbound DNS resolver uses the local DNSCrypt as its resolver.  This is so I still benefit from unbound performance features such as 'serve expired'.

If you guys can do it, DoH should easily be faster than DoT due to how the protocols work, but pfSense unbound doesn't natively support DoH, so you would need to use something like dnscrypt-proxy as an intermediate or main resolver.
« Last Edit: December 24, 2021, 11:16:31 PM by Chrysalis »
Logged
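The resolver list in the post above can also drive detection: the following added example (not part of the original post) flags clients that reach those addresses directly instead of going through the firewall's resolver. The flow-log format, the sample lines and the 192.168.1.1 resolver address are assumptions made for illustration.

```python
import ipaddress

# Resolver addresses and labels exactly as listed in the post above.
RESOLVER_LIST = """\
1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001 Cloudflare No Filter
1.1.1.2 1.0.0.2 2606:4700:4700::1112 2606:4700:4700::1002 Cloudflare Malware Filter
1.1.1.3 1.0.0.3 2606:4700:4700::1113 2606:4700:4700::1003 Cloudflare Malware and Family Filter
8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844 Google No Filter, Tracked, supports ECS
9.9.9.9 149.112.112.9 149.112.112.112 2620:fe::9 2620:fe::fe:9 2620:fe::fe Quad9 Malware Filter
9.9.9.10 149.112.112.10 2620:fe::10 2620:fe::fe:10 Quad9 No Filter
9.9.9.11 149.112.112.11 2620:fe::11 2620:fe::fe:11 Quad9 Malware Filter and supports ECS
9.9.9.12 149.112.112.12 2620:fe::12 2620:fe::fe:12 Quad9 No Filter, supports ECS
"""
# Assumption: only the firewall's own resolver may talk to public resolvers.
ALLOWED_SOURCES = {ipaddress.ip_address("192.168.1.1")}
PORTS = {53: "DNS", 853: "DoT", 443: "DoH"}  # 443 to a resolver IP is treated as DoH

def load_resolvers(text):
    table = {}
    for line in text.splitlines():
        tokens, addrs, label = line.split(), [], ""
        for i, tok in enumerate(tokens):
            try:
                addrs.append(ipaddress.ip_address(tok))
            except ValueError:  # first non-address token starts the label
                label = " ".join(tokens[i:])
                break
        table.update({a: label for a in addrs})
    return table

RESOLVERS = load_resolvers(RESOLVER_LIST)
# Constructed flow-log lines: timestamp, source, destination, dest port, protocol.
SAMPLE_LOG = [
    "2021-12-24T23:01:07 192.168.1.23 1.1.1.2 443 tcp",
    "2021-12-24T23:01:08 192.168.1.1 1.1.1.2 443 tcp",
    "2021-12-24T23:01:09 fd00::40 2620:00fe:0000:0000:0000:0000:0000:0010 853 tcp",
    "2021-12-24T23:01:10 192.168.1.23 203.0.113.10 443 tcp",
    "2021-12-24T23:01:11 192.168.1.55 8.8.8.8 53 udp",
]

def find_bypass(log_lines, resolvers=RESOLVERS):
    hits = []
    for line in log_lines:
        _ts, src, dst, dport, _proto = line.split()
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)  # normalises IPv6 spelling
        if dst in resolvers and int(dport) in PORTS and src not in ALLOWED_SOURCES:
            hits.append((str(src), str(dst), PORTS[int(dport)], resolvers[dst]))
    return hits
```

Addresses are compared as parsed objects, so an IPv6 destination logged in expanded form still matches the compressed form in the list.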

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: DNS Servers
« Reply #11 on: December 24, 2021, 11:20:09 PM »

Thanks Chrys.

Quote
. . . (to block DoH requests directly from clients) . . .

<snip>

The ECS I mentioned references a feature that supposedly helps get maximum CDN performance, . . .

<snip>

DoH is obviously "DNS over HTTPS" but ECS puzzles me. Perhaps I am looking in the wrong place, for the best I can come up with is "Elastic Cloud Storage".  :-\
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: DNS Servers
« Reply #12 on: December 24, 2021, 11:22:14 PM »

Here you go burakkucat.

https://en.wikipedia.org/wiki/EDNS_Client_Subnet

It is a system where the DNS server forwards subnet information from the client making the DNS request; this is to help identify where the client is connecting from.
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: DNS Servers
« Reply #13 on: December 24, 2021, 11:46:56 PM »

Thank you.  :)
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: DNS Servers
« Reply #14 on: December 25, 2021, 03:24:32 AM »

I've been meaning to double check how my DNS setup is working right now actually, as I remember when I was on Cloudflare it still seemed to find Zen's Netflix cache absolutely fine.

Although last I checked Netflix were still only serving half the HD bitrates they did before the pandemic which really makes me angry when I'm paying for the UHD package, which ironically is NOT throttled for UHD content.  So 4K content looks great, HD content is half the bitrate it should be so suffers macro-blocking in motion.
Logged