Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Weaver]

re additions to public free dns http://www.kitz.co.uk/isp/dns.htm#freeDNS

Aside from the old favourites
   4.2.2.1 etc (.1 .. .6)

there are also now
  Google's public DNS at 8.8.8.8 and 8.8.4.4

and both these organisations do not get up to any funny business with sending you bogus "success" responses for queries on non-existent domains in order to point you to a page of their own. (Although to be fair to OpenDNS, you can register for a free account with them, declare an IP address block and set a preference to turn such nonsense off for clients in that IP range.)

[Weaver]

This incredibly useful tool for debugging DNS reliability and performance problems from Gibson Research (grc.com)
    http://www.grc.com/dns/benchmark.htm
is free and is beautifully designed.

It gives a list of open, public DNS servers although I couldn't say how "permanent" they are or comment about the ethics of promoting their use, and some are a long way away (those that are non-anycast especially), but if someone is familiar with some of those mentioned, then they might be a source of inspiration.

OpenDNS and Google's two come out well in the tests.

[roseway]

Yes, I use DNS Benchmark, and it's been invaluable in selecting the best DNS servers for me.

[kitz]

Thank you Weaver,  Ive updated the page accordingly.

[Weaver]

Performance and hassle

The OpenDNS servers seem to perform particularly well. I might only consider using them (as backup) because I've taken the trouble to set preferences to disable all the _utter nonsense_ of redirecting to a webpage rather than correctly returning a failure response for queries on non-existent domain names. To be able to set preferences, I had to go and declare possible IP address ranges I use for client machines as that's how the preference thing works.

Using Google avoids this nonsense completely, as they do the right thing (tm), and behave in a no-nonsense fashion, and on the website they guarantee to continue doing the right thing. Google possibly isn't quite as fast though.

Do you think it would be worth including a health warning for those servers that have dubious (-by-default) behaviour?

[roseway]

I agree with your point about OpenDNS, and that's why I stopped using it. But the problem with health warnings is - where do you stop? I don't use Google DNS because I'm unhappy about the degree to which Google gather data about their users, but I'm sure there are similar privacy concerns with many other internet services from many other organisations.

[Weaver]

> But the problem with health warnings is - where do you stop?

Two things. Firstly, of course it's not for me to say, as Kitz does the work around here, and I just enjoy the benefits. :-)

Secondly - Point taken about Google. But what I would say is that certain technical things, such as the return bogus page instead of a failure thing, are just examples of brokenness. That behavioural feature could be n-valued, (1) not broken - returns failures correctly vs (2) broken vs (3) broken by default, configurably 'fixable'.

Sticking to technical features avoids the mire of subjective judgements.

Another possible example would be uk-based server = TRUE/FALSE. Another one might be anycast=TRUE/FALSE.
For example Cisco's main name servers are usable by anyone AFAIK as presumably their own hardware needs them. I wouldn't recommend them for uk clients though as in my experience they're too far away and performance is therefore not ideal.

OpenDNS has 'rich' behaviour, not sure that's the right word. It adds complex behaviour on top of what a normal, straight DNS server will do. And some of this behaviour is very worthwhile, despite my criticism of them, and as it's configurable (now), this addresses some of my concerns. So anyway a "rich" flag might tell the reader that she/he needs to "read the manual".

[Weaver]

BTW - regarding Google DNS and privacy

see http://code.google.com/speed/public-dns/privacy.html
and technical FAQ http://code.google.com/speed/public-dns/faq.html

they make some reassuring noises and on the evidence of these public statements - unless they are telling fibs-  their policies and behaviours seems to my eyes to be simply to "do the right thing" and no funny business.

[kitz]

>> I agree with your point about OpenDNS,

I still have it as a back up service behind my ISP & DNS Advantage.  There are many who are quite happy to use the service, like you mine is configured.
 
At the end of the day we can only point users who are looking for free dns in the right direction.  I feel there is a choice they can select from and if they dont like how one behaves then there are other options there, and I dont really intend doing a review on which to use.  Im happy for that sort of thing to be in the forums though

[jeffbb]

Hi
I am just using the 2 ZEN servers . The DNS Bench mark  application reports that they are faster than any of the publicly available servers .The only fly in the ointment is that they are both seen as to be unreliable. This last statement is a new one . Never had this before. Wonder if Zen are having some problems ?. Must admit I don't seem to have any problems with connections .

quote :I still have it as a back up service behind my ISP & DNS Advantage.  There are many who are quite happy to use the service, like you mine is configured.

How do you configure it ?


Regards Jeff

[Weaver]

For me, unsurprisingly, on an ISP=AAISP line, the ISP's own servers outperform everything else. Which is as it should be. And OpenDNS come a close second with very strong performance in terms of latency, good response times, low hop distance and high availability.

> Wonder if Zen are having some problems

It might be that they're getting a bit busy and the DNS Benchmark tool has a timeout that is too short - I forget whether there is a timeout parameter that can be extended in DNS Benchmark.

But in the light of my recent experience there are other possibilities.

I had various problems which I thought were with Demon's servers and first told myself that they perhaps were not responding within some timeout period that was rather too short. But then I later noticed that some networks I looked at were coming under attack (a reflection attack, reflected off the DNS servers). I then wondered what effect an attack that appeared to be coming _from_ an ISP's DNS server would have on a firewall.

So it might be worth checking router/firewall logs to see if there are any signs of an attack is in progress in Zen-land.

So the point occurs to me that there are now other reasons for using secondary DNS as backup that is not on the same network - as a reflection attack could in theory effectively DOS your ISP's servers for you.

This makes me wonder how many other cases of apparent DNS "server unreliability" could actually have been firewall reactions.

[Azzaka]

We could be getting busy more than anything.

We have upgraded our Colo servers and out hosting is also taking off, so we will be looking at the DNS servers. On top of this we are also working on the core network and will be rolling out new DNS Features for the Techies of us all.

All this rolled together will slow the servers down for a short period, but should then go back to normal.

The work to be released is DNS Sec. As Aaron is one of the Main hosting Guys, I'll ask to add a post here for it, however as you will appreciate this may have contributed to the load at times.