DNS Servers


Gapmn

Regular Contributor
Merlin,

"Benchmark tools that check for response times like DNSBench are worthless, and will usually hurt your general performance rather than improve it. Never rely on these."

What is the best way to determine a DNS to use then?
 
Using your local ISP DNS has to be the fastest because it is local. Going off network you are bound to take a hit. I think AT&T DNS is better than TWC DNS but I would still run the local DNS. I would not run DNS if it is provided by your local modem. Hard code the real ISP DNS server IP addresses in your router.
 
Merlin,

"Benchmark tools that check for response times like DNSBench are worthless, and will usually hurt your general performance rather than improve it. Never rely on these."

What is the best way to determine a DNS to use then?

There's no way to test a DNS in any useful way. Go with either your ISP's DNS, or the DNS of another local ISP. The key thing with DNS is that it must know in which network location you are, so it can point you to the closest server when you try to access a CDN (Content Distribution Network)'s server. Two common examples to explain what I mean here.

1) Many ISPs will host a Youtube cache system within their network. So if you use your ISP's DNS to access Youtube, you will be getting faster throughput, as in some cases you might not even need to leave your ISP's own network. If you were located in Eastern US and were to use a DNS that's located on the West coast, you might end up accessing a Youtube server at the other end of the country, which would result in more frequent buffering while streaming high bitrate videos.

2) Many large sites such as Microsoft will use Akamai to provide file download services to their visitors. So when downloading, for example, a large service pack, your ISP's DNS can point you at a closer Akamai server, for improved download throughput, rather than having you go through a lot of detours to reach some random download server.

Finally, keep in mind that DNS queries are cached locally. The first time you try to access server1.youtube.com, your ISP's DNS might take 100ms instead of the 50ms from another server. But every subsequent lookup for the next couple of minutes (or hours) will be instantaneous, because your computer (and also your router in the case of Asus's) will already have the answer, and won't even need to ask the DNS again.

You will not really notice that one-time 50ms you will save on the very first access to a site. But jerky video streaming will definitely ruin your experience.
 
Put another way: I often compare the DNS system to the Internet's Yellow Pages when I have to explain how the DNS system works. In this case, getting the large Yellow Pages phonebook from your city might be faster than digging up the small local one from your neighbourhood that's currently lost at the bottom of a drawer, but you might have to drive a long way if that thick one gives you the address of a store at the other end of town rather than the one across your street mentioned by your local phonebook.
 
Merlin's answer leads to another observation I've made when I was testing pfSense.

The default DNS cache size of dnsmasq (1000/1500) is woefully inadequate. pfSense allows you to use Unbound as the DNS server software and it allows a maximum of 100k entries. Just opening a single page caused many thousands of entries to fill the cache. Now imagine a network connection that you share with family and the rate at which the cache will fill and overwrite itself will be astounding.

Increasing the cache size of dnsmasq to its maximum of 10k helps the cache entries stay alive a little bit longer.

But Merlin is correct. If the address you are trying to find isn't in the cache, then you will take a performance hit as your browser will have to contact the configured DNS server. If you want to find one that has good performance, Google has a software utility called namebench that will benchmark all name servers, including the ones you ask it to test, and tell you which one would be faster to use.
 
Since I love my privacy and do not want my browsing history indexed or sold by any ISP, I do circumnavigate to my closest DNS server for better resolution of my browsing experience. Using OpenNic, http://www.opennicproject.org/nearest-servers/, and using Ping from your MS-DOS command prompt as administrator, check the response time from each server.

Additionally, OpenNic offers an excellent web tutorial on how DNS works and how you could edit your parameters. I live in the Pacific Ocean and most local internet service providers are all connected worldwide via oceanic fiber cables. My DNS is basically pointing out to my closest location, that will be Japan, about 1000 nautical miles, and my DNS resolution has improved 90 percent.

Respectfully
 
Merlin's answer leads to another observation I've made when I was testing pfSense.

The default DNS cache size of dnsmasq (1000/1500) is woefully inadequate. pfSense allows you to use Unbound as the DNS server software and it allows a maximum of 100k entries. Just opening a single page caused many thousands of entries to fill the cache. Now imagine a network connection that you share with family and the rate at which the cache will fill and overwrite itself will be astounding.

Increasing the cache size of dnsmasq to its maximum of 10k helps the cache entries stay alive a little bit longer.

I'd hate to see a website doing "many thousands" of different hostname lookups - that would be one hell of a website. A typical website is more likely to issue a few dozen at most.

DNS entries expire after a set TTL (typically between 1 and 4 hours, sometimes more for some sites). It's highly unlikely that a home network would be resolving 10,000 different hostnames within a few hours, unless you were doing something odd such as parsing weblogs.

To determine if your cache is actually too small or not, run the following commands over SSH:

Code:
killall -SIGUSR1 dnsmasq
tail /tmp/syslog.log -n 10

Look for a line looking like this:

Code:
Apr 11 02:42:56 dnsmasq[4804]: cache size 1500, 0/116 cache insertions re-used unexpired cache entries.

The interesting numbers here would be 0/116.

0 = The number of times the router had to remove a cache entry to replace it with a new one, due to the cache being full
116 = the number of times a cached entry was used

1500 might indeed be a little on the low side these days (but remember that only a few years ago, the typical default used by dnsmasq was 150), but it's not THAT bad.
 
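A small parser for the two dnsmasq statistics lines discussed above, so the eviction count and the local-answer share can be pulled out of syslog instead of read by eye. This is an added example, not code from the thread or from dnsmasq; the log lines are constructed, and the 1% eviction threshold is an assumed rule of thumb.

```python
import re

# Constructed sample of what dnsmasq logs after SIGUSR1 (not real router output).
SAMPLE_LOG = """\
Apr 11 22:51:11 dnsmasq[797]: cache size 1500, 0/9308 cache insertions re-used unexpired cache entries.
Apr 11 22:51:11 dnsmasq[797]: queries forwarded 2034, queries answered locally 2698
Apr 12 08:00:00 dnsmasq[797]: cache size 1500, 900/12040 cache insertions re-used unexpired cache entries.
Apr 12 08:00:00 dnsmasq[797]: queries forwarded 4100, queries answered locally 5200
"""

# First number: unexpired entries evicted to make room; second: insertions (the log's own term).
CACHE_RE = re.compile(r"cache size (\d+), (\d+)/(\d+) cache insertions re-used unexpired cache entries")
QUERY_RE = re.compile(r"queries forwarded (\d+), queries answered locally (\d+)")


def parse_stats(text):
    """Return one dict per SIGUSR1 dump: the cache line plus the queries line that follows it."""
    dumps, current = [], None
    for line in text.splitlines():
        m = CACHE_RE.search(line)
        if m:
            current = {"cache_size": int(m.group(1)), "evictions": int(m.group(2)),
                       "insertions": int(m.group(3)), "forwarded": 0, "answered_locally": 0}
            dumps.append(current)
            continue
        m = QUERY_RE.search(line)
        if m and current is not None:
            current["forwarded"], current["answered_locally"] = int(m.group(1)), int(m.group(2))
            current = None
    return dumps


def eviction_rate(s):
    """Share of insertions that had to push out a still-valid entry; 0 means the cache never filled."""
    return s["evictions"] / s["insertions"] if s["insertions"] else 0.0


def local_answer_ratio(s):
    """Share of queries dnsmasq answered itself (cache, hosts file, leases) instead of forwarding.
    These counters are cumulative and count different things, so they need not reconcile with insertions."""
    total = s["forwarded"] + s["answered_locally"]
    return s["answered_locally"] / total if total else 0.0


def cache_verdict(s, max_eviction_rate=0.01):
    """Thread's rule of thumb: only a cache that evicts unexpired entries is too small (threshold assumed)."""
    if s["evictions"] == 0:
        return "ok: no unexpired entries evicted"
    if eviction_rate(s) <= max_eviction_rate:
        return "ok: evictions negligible"
    return "consider raising cache-size"
```

Pipe `grep dnsmasq /tmp/syslog.log` into `parse_stats` after sending SIGUSR1 as shown above; each dump gets its own verdict.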
But of course asuswrt-merlin allows you to set the cache to anything you want

Code:
Apr 11 09:52:08 dnsmasq[566]: cache size 8192, 0/125214 cache insertions re-used unexpired cache entries.
 
After an hour of web browsing here, my default cache of 1500 still hasn't had a single entry flushed out due to being full:

Code:
Apr 11 14:24:28 dnsmasq[4804]: cache size 1500, 0/4963 cache insertions re-used unexpired cache entries.
 
And here, after 26 hours with myself, the wife and my son - browsing, Netflix, PS3, YouTube, twitch, email, etc., etc.

Code:
Apr 11 22:51:11 dnsmasq[797]: cache size 1500, 0/9308 cache insertions re-used unexpired cache entries.
Apr 11 22:51:11 dnsmasq[797]: queries forwarded 2034, queries answered locally 2698
 
Pretty sure by now that 1500 is more than adequate for most homes. Thanks for comparing results with me folks - I had been wondering lately if maybe I shouldn't bump this to 3000 or 4000 as the default value. 1500 looks fine.
 
I know Tomato has been playing with bigger numbers, I think that may have been because dnsmasq used to use the cache for local hosts lists. The manpage is now clear those have additional storage. I'll put mine back to default sometime and see if there are ever any cache insertions. Any idea why the numbers don't seem to add up?

Code:
Apr 12 13:19:18 dnsmasq[503]: cache size 8192, 0/106312 cache insertions re-used unexpired cache entries.
Apr 12 13:19:18 dnsmasq[503]: queries forwarded 25920, queries answered locally 37873

I'm sure all client devices also cache locally which reduces likelihood of router cache hits.

I've used the bigger size for years because I have assumed it is just a ram hit, no performance due to hash based cache lookup.
 
Most clients will hit the local client DNS cache first before doing a DNS request, so the dnsmasq cache in the router/AP shouldn't be too terribly large. RMerlin said it best: with more and more services using CDNs like Akamai and Level3's CDN services, and others like Google putting content cache nodes inside the ISP's last mile link, having too large of a cache can actually harm performance rather than improve it.
 
A couple of days ago I had an issue with Tomshardware.com loading very slowly. In the past I had used namebench to find the fastest server for me. I had kept a text file of the fastest servers.

I configured the router (RT-N66U running hggomes 378.52.1) to use those servers and amazingly, the whole 'net was faster, including Toms.

Today, I tried using another computer and although connected to the router and the router indicated a connection with my ISP, I could not browse any sites at all. I then tried a half dozen other devices until I thought to finally try the original computer I had reset the DNS settings on the router with. This one connected and browsed the internet without issues.

I reset the DNS servers to the default ISP provided ones and now everything has internet access again.

Just wanted to post this as some people seemed to be having this issue and blaming different firmware versions, when it could have just been the DNS settings.
 
Or the client... to clear the local client caches for select client OS's...

Windows 8/7/XP/NT –

ipconfig /flushdns

Mac OSX

10.10:

sudo discoveryutil udnsflushcaches

10.9:

dscacheutil -flushcache
sudo killall -HUP mDNSResponder

MacOSX 10.7/8:

killall -HUP mDNSResponder

MacOSX 10.6 and 10.5:

dscacheutil -flushcache

MacOSX 10.5.1 and earlier:

lookupd -flushcache

Linux Desktop/Servers

/etc/init.d/named restart

or...

/etc/init.d/nscd restart

sfx
 
To make it more complex: I have set the router to IPv6 Tunnel 6in4, with Hurricane Electric.
Some time ago I noticed issues on IPv6 DNS while IPv4 was correct; disabling IPv6 is sometimes the fix.
In line with Merlin... sometimes people seem to rip out a yellow DNS page for private use and make some entries unavailable to others :)
Or a DNS server can be behind and still miss some updates.
It can be helpful to have some well-known IP addresses written down, or have an alternative DNS to use, to be able to quickly determine if you have run into a DNS problem or an Internet connection problem.
 