DNS Trivia

My only thought is I thought 1.0.0.0 IP address space was awarded to China years ago. Maybe I was wrong.
There's a full explanation on their websites, but...
Who’s behind this?
1.1.1.1 is a partnership between Cloudflare and APNIC.

Cloudflare runs one of the world’s largest, fastest networks. APNIC is a non-profit organization managing IP address allocation for the Asia Pacific and Oceania regions.

Too slow for me in the UK though...

My ISP's DNS = 7ms
9.9.9.9 = 11ms
Google DNS = 16ms
1.1.1.1 = 26ms
 
I am in the UK and 1.1.1.1 is not the best: 45ms to 103ms

Microsoft Windows [Version 10.0.17133.1]
(c) 2018 Microsoft Corporation. All rights reserved.
C:\Users\Home>nslookup -type=TXT resolver.dnscrypt.info
Server: router.asus.com
Address: 10.82.235.6
Non-authoritative answer:
resolver.dnscrypt.info text =
"Resolver IP: 162.158.33.35"
(root) ??? unknown type 41 ???
 
Those with poor latency, can you try a traceroute? Curious to see if your ISP is peering with Cloudflare or not.

Here with Teksavvy, they peer with a Canadian IX, which directly peers with Cloudflare's network. That makes anything on Cloudflare very close to us Teksavvy customers, and therefore with very good latency.

That doesn't change the fact that these public DNS aren't always optimal for CDN providers tho, the main reason why I prefer to avoid using them for a home network.

(can't post a proper traceroute here atm, my desktop is pushing a backup to the NAS, therefore my LAN is a bit sluggish atm).
 
I still think your local ISP DNS is best in the USA.

I am old school USA. I think I would trust IBM, 9.9.9.9 before an Asian registry APNIC, 1.1.1.1 for security.
 
Cloudflare seems to be based in Australia so people in Australia will probably find it quicker. My only thought is I thought 1.0.0.0 IP address space was awarded to China years ago. Maybe I was wrong.



APNIC is here in Australia, Cloudflare is US based though, so far as I know, & provide DNS servers world wide.
 



How about a Quad9 server closer to Adelaide than the existing one in Sydney, Bill?
Even Melbourne would be nice.
It appears Cloudflare are in Melbourne, hence 1.1.1.1 much faster for me than Quad9. ;-)

Have to say though, where I am, Quad9 left Google in the dust, so was my go to for DNS till Cloudflare popped up.........
 
Being close helps. The network map you are on has a big impact based on where you get dumped out. How the ISPs get to where you want to go is all different from network to network.
 
Since I have about 20 DNS servers available with nearly the same response time, I get to make my choice based on security. Heck, I'd do that even if it meant wasting 30ms.
 
Is there any way to use Cloudflare's new DNS service 1.1.1.1 security features like DNS over HTTPS and DNS over TLS on ASUS routers?
Pretty much, for DNS over TLS you could do something via DNSMasq, Unbound, or DNSCrypt, which will require changing your port from 53 to 835.

DNS over HTTPS requires a little more hands-on involvement, and currently DNSCrypt has a working version of Cloudflare on the latest version, I believe, providing DNS over HTTPS.

Here are 2 resource links to get you started.

https://www.snbforums.com/threads/how-to-change-wan-dns-port.18177/

https://www.snbforums.com/threads/replacing-dnsmasq-dns-with-unbound.37473/
(Xentrk was a part of this discussion)
Below is a solution for dnscrypt/DOH

https://www.snbforums.com/threads/release-dnscrypt-installer-for-asuswrt.36071/

It also has software to improve your entropy pool. Simply use the installer and select the DNS you want.
 
Ouch. Yeah, they're sending you to Palo Alto ("pao") instead of Dallas. Sorry. I'll have our interconnection folks try to get them to fix it, but they'll always be more responsive to a customer than to another network operator... So if you want to open a ticket with them, point them at https://pch.net/peering and ask them why they're not interconnecting in Equinix or TIE Dallas to solve this problem. It's not just affecting Quad9, of course... You're also getting poor performance to two of the root nameservers and most of the top-level domains, since they're all routed the same way out of AS42.

Thanks.

I guess you know IBM has a big facility in Austin Texas. Maybe that would work for you.
 
Saw this site referenced in a CNET video on the 1.1.1.1 DNS Announcement

DNS Performance Analytics and Comparison website:
https://www.dnsperf.com/
 
All these benchmarks are missing an important point: if they don't properly point you at the correct node when accessing CDN-provided content, then you will save 10ms on that first DNS query that gets cached anyway for all future queries, but experience potential performance drops when downloading/streaming from that CDN.

And not properly routing people to their nearest CDN endpoint means that ultimately, some of these DNS servers will degrade the general Internet performance rather than improve it...

So an important piece of information when evaluating those DNS servers: which ones support RFC7871, and with which CDN do they work properly?
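Added example, not part of the post above: RFC 7871 (EDNS Client Subnet) travels as option code 8 inside the OPT pseudo-record, the same record type 41 that the nslookup output earlier in the thread prints as "unknown type 41". This sketch builds a query carrying the option and decodes it from any DNS message, which is what you would look for in a capture of a resolver's upstream traffic to see whether it forwards your subnet. The function names and the sample subnet are assumptions made for illustration.

```python
import ipaddress
import struct

OPT, ECS = 41, 8                      # OPT RR type (RFC 6891), ECS option code (RFC 7871)
SAMPLE_SUBNET = "198.51.100.77/24"    # constructed sample from the TEST-NET-2 range

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split(".")) + b"\x00"

def ecs_option(subnet):
    net = ipaddress.ip_network(subnet, strict=False)
    addr = net.network_address.packed[:(net.prefixlen + 7) // 8]   # truncated to the prefix
    data = struct.pack("!HBB", 1 if net.version == 4 else 2, net.prefixlen, 0) + addr
    return struct.pack("!HH", ECS, len(data)) + data               # scope is 0 in queries

def build_query(name, qtype=1, subnet=None, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)      # RD set, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    rdata = ecs_option(subnet) if subnet else b""
    opt = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, len(rdata)) + rdata
    return header + question + opt

def skip_name(msg, pos):
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:    # stop at root label or compression pointer
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)

def parse_ecs(msg):
    """Return (network, scope_prefix) from a message's ECS option, or None if absent."""
    _, _, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, pos)
        pos, end = pos + 10, pos + 10 + rdlen
        while rtype == OPT and pos + 4 <= end:
            code, olen = struct.unpack_from("!HH", msg, pos)
            if code == ECS:
                family, src, scope = struct.unpack_from("!HBB", msg, pos + 4)
                raw = msg[pos + 8:pos + 4 + olen]
                addr = ipaddress.ip_address(raw.ljust(4 if family == 1 else 16, b"\x00"))
                return ipaddress.ip_network(f"{addr}/{src}", strict=False), scope
            pos += 4 + olen
        pos = end
    return None
```

In a response, a non-zero scope prefix from `parse_ecs` means the answer was tailored to the client subnet; `None` means the option was not present in that message.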
 
Those with poor latency, can you try a traceroute? Curious to see if your ISP is peering with Cloudflare or not.
In case you're interested:
Code:
C:\Users\Colin>tracert 1.1.1.1

Tracing route to 1dot1dot1dot1.cloudflare-dns.com [1.1.1.1]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  router.asus.com [192.168.1.1]
  2     *        *        *     Request timed out.
  3     7 ms     7 ms     7 ms  brig-core-2a-xe-803-0.network.virginmedia.net [80.3.64.81]
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8    33 ms    24 ms    25 ms  pres-core-2a-ae16-0.network.virginmedia.net [62.254.42.26]
  9    27 ms    28 ms    27 ms  know-wblk-1a-xe-200-0.network.virginmedia.net [62.254.1.214]
 10     *        *        *     Request timed out.
 11    38 ms    37 ms    45 ms  ae0.cr1-man1.ip4.gtt.net [77.67.65.141]
 12    27 ms    28 ms    26 ms  cloudflare-gw.cr1-man1.ip4.gtt.net [141.136.99.138]
 13    27 ms    26 ms    26 ms  1dot1dot1dot1.cloudflare-dns.com [1.1.1.1]

Trace complete.

C:\Users\Colin>tracert 9.9.9.9

Tracing route to dns.quad9.net [9.9.9.9]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  router.asus.com [192.168.1.1]
  2     *        *        *     Request timed out.
  3     8 ms     8 ms     7 ms  brig-core-2a-xe-803-0.network.virginmedia.net [80.3.64.81]
  4     *        *        *     Request timed out.
  5    13 ms    11 ms    11 ms  brnt-ic-1-ae0-0.network.virginmedia.net [62.254.42.198]
  6    11 ms    10 ms    10 ms  m686-mp2.cvx1-b.lis.dial.ntli.net [62.254.42.174]
  7     *        *        *     Request timed out.
  8    11 ms    20 ms    12 ms  uk-lon01b-ri1-ae23-0.aorta.net [84.116.135.30]
  9    13 ms    12 ms    11 ms  195.66.225.238
 10    10 ms    12 ms    12 ms  dns.quad9.net [9.9.9.9]

Trace complete.
 
I have moved back to OpenDNS

Tracing route to resolver2.opendns.com [208.67.220.220]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms router.asus.com [10.82.235.6]
2 16 ms 9 ms 9 ms 10.81.4.1
3 12 ms 10 ms 8 ms uddi-core-2a-xe-804-0.network.virginmedia.net [62.253.2.97]
4 * * * Request timed out.
5 20 ms 22 ms 17 ms telw-ic-4-ae0-0.network.virginmedia.net [62.254.84.70]
6 19 ms 20 ms 18 ms gi0-2.rtr1.lon.opendns.com [195.66.225.70]
7 20 ms 18 ms 19 ms resolver2.opendns.com [208.67.220.220]

Trace complete.

Tracing route to 1dot1dot1dot1.cloudflare-dns.com [1.1.1.1]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms router.asus.com [10.82.235.6]
2 10 ms 8 ms 8 ms 10.81.4.1
3 15 ms 9 ms 8 ms uddi-core-2a-xe-805-0.network.virginmedia.net [62.253.2.101]
4 * * * Request timed out.
5 25 ms 23 ms 23 ms pres-core-2a-ae16-0.network.virginmedia.net [62.254.42.26]
6 25 ms 24 ms 30 ms know-wblk-1a-xe-200-0.network.virginmedia.net [62.254.1.214]
7 * * * Request timed out.
8 41 ms 42 ms 40 ms ae0.cr1-man1.ip4.gtt.net [77.67.65.141]
9 25 ms 24 ms 24 ms cloudflare-gw.cr1-man1.ip4.gtt.net [141.136.99.138]
10 27 ms 25 ms 25 ms 1dot1dot1dot1.cloudflare-dns.com [1.1.1.1]

Trace complete.
 
I am seeing intermittent problems to quad9. I don't know if it is Spectrum or quad9. It looks like quad9.

Microsoft Windows [Version 10.0.17134.191]
(c) 2018 Microsoft Corporation. All rights reserved.
C:\Users\lee>tracert 9.9.9.9
Tracing route to dns.quad9.net [9.9.9.9]
over a maximum of 30 hops:
1 9 ms 9 ms 5 ms 192.168.0.254
2 3 ms 2 ms 2 ms router44BEE6 [192.168.10.1]
3 12 ms 27 ms 16 ms cpe-72-133-80-1.sw.res.rr.com [72.133.80.1]
4 30 ms 26 ms 41 ms tge0-0-0.elgntx0801h.texas.rr.com [66.68.3.169]
5 16 ms 21 ms 18 ms agg38.ausutxla01r.texas.rr.com [24.175.42.138]
6 22 ms 21 ms 23 ms agg22.dllatxl301r.texas.rr.com [24.175.41.46]
7 25 ms 22 ms 26 ms 66.109.1.216
8 18 ms 24 ms 19 ms 4.68.72.117
9 20 ms 22 ms 19 ms 4.68.72.69
10 * * * Request timed out.
11 * lee-LAP [192.168.0.90] reports: Destination host unreachable.
Trace complete.
C:\Users\lee>tracert 9.9.9.9
Tracing route to dns.quad9.net [9.9.9.9]
over a maximum of 30 hops:
1 lee-LAP [192.168.0.90] reports: Destination host unreachable.
Trace complete.
C:\Users\lee>tracert 9.9.9.9
Tracing route to dns.quad9.net [9.9.9.9]
over a maximum of 30 hops:
1 lee-LAP [192.168.0.90] reports: Destination host unreachable.
Trace complete.
C:\Users\lee>tracert 9.9.9.9
Tracing route to dns.quad9.net [9.9.9.9]
over a maximum of 30 hops:
1 4 ms 5 ms 9 ms 192.168.0.254
2 31 ms 2 ms 3 ms router44BEE6 [192.168.10.1]
3 30 ms 17 ms 37 ms cpe-72-133-80-1.sw.res.rr.com [72.133.80.1]
4 31 ms 38 ms 41 ms tge0-0-0.elgntx0801h.texas.rr.com [66.68.3.169]
5 18 ms 26 ms 13 ms agg38.ausutxla01r.texas.rr.com [24.175.42.138]
6 24 ms 23 ms 22 ms agg22.dllatxl301r.texas.rr.com [24.175.41.46]
7 28 ms 22 ms 22 ms 66.109.1.216
8 34 ms 18 ms 32 ms 4.68.72.117
9 22 ms 18 ms 18 ms 4.68.72.69
10 59 ms 65 ms 59 ms te7-4-10G.ar1.PAO2.gblx.net [67.17.111.246]
11 63 ms 64 ms 62 ms packet-clearing-house.gigabitethernet9-28.ar1.pao2.gblx.net [208.178.194.98]
12 73 ms 64 ms 63 ms dns.quad9.net [9.9.9.9]
Trace complete.
C:\Users\lee>
 
I live in central Canada. I use Cloudflare 1.1.1.1; they must have a CDN in eastern Canada, as my latency is 24ms. If I use anything else like Google or Q9, the latency shoots way way up to 64ms and 124ms respectively. I'm not sure this kind of thing worries a home user. Even if that home user is me. I am a fussy guy. I find that 24ms is pretty fast and in no way hurts my browsing or any other experience.

EDIT: Forgot to mention I use DNSCrypt and have DoH and DNSSEC enabled.
 
