LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-26-2016, 01:04 PM   #1
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 1,953

Rep: Reputation: 270Reputation: 270Reputation: 270
DNS: is there a reason to use one server or another?


I started using OpenDNS when it started. As a result of the hacking of Dyn I've considered switching, but I don't know how to decide on one or the other.

Have any of you recommendations on DNS servers to use or how to figure out which?
 
Old 10-26-2016, 01:32 PM   #2
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,217

Rep: Reputation: 5309Reputation: 5309Reputation: 5309Reputation: 5309Reputation: 5309Reputation: 5309Reputation: 5309Reputation: 5309Reputation: 5309Reputation: 5309Reputation: 5309
Quote:
Originally Posted by RandomTroll View Post
I started using OpenDNS when it started. As a result of the hacking of Dyn I've considered switching, but I don't know how to decide on one or the other.

Have any of you recommendations on DNS servers to use or how to figure out which?
I use Google DNS. Performs great. Noticeably faster than my ISP's DNS servers.

Also: I'd heard that OpenDNS wasn't really affected by the attack on dyn, because it uses cached queries? So the Dyn attack would be a reason to stay with OpenDNS?

Last edited by dugan; 10-26-2016 at 02:54 PM.
 
Old 10-26-2016, 03:57 PM   #3
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053
i've been using opennic for quite some time now.
you might have to change servers once in a while.
i monitor the top 10, and if my current server is not in it anymore, i might need to change it.
i had to do that maybe once in the past year.
 
Old 10-26-2016, 04:28 PM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
1 gurgle @ 8.8.8.8
1 L3Comm @ 4.2.2.2
 
Old 10-26-2016, 07:04 PM   #5
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,968

Rep: Reputation: 3622Reputation: 3622Reputation: 3622Reputation: 3622Reputation: 3622Reputation: 3622Reputation: 3622Reputation: 3622Reputation: 3622Reputation: 3622Reputation: 3622
I've set the 50 or so web pages that I like to go to in hosts file and the systems usually never go to dns.


One of the reasons a person would use OpenDNS is to control the content maybe to the clients. http://www.howtogeek.com/167239/7-re...y-dns-service/
 
Old 10-26-2016, 09:53 PM   #6
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 1,953

Original Poster
Rep: Reputation: 270Reputation: 270Reputation: 270
I didn't mean to disparage OpenDNS. I set it about 8 years ago and forgot it. The hacking of Dyn made me think about my choice, not unhappy with Dyn. Cisco bought OpenDNS when I wasn't looking and it's a lot different now.

I found namebench, a python script that measures access. It seems that my ISP's internal routing adds significant overhead to external servers, so I switched to it. The numbers at the library are much different. I can see the overhead in any traceroute.

Perhaps I should be concerned with snooping? Some servers offer encryption.
 
Old 10-28-2016, 03:54 AM   #7
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897Reputation: 897
Quote:
Originally Posted by RandomTroll View Post
I didn't mean to disparage OpenDNS. I set it about 8 years ago and forgot it. The hacking of Dyn made me think about my choice, not unhappy with Dyn. Cisco bought OpenDNS when I wasn't looking and it's a lot different now.
Essentially having a satisfactory DNS service for 8 years without lots of fiddling and tweaking counts as success...

Quote:
Originally Posted by RandomTroll View Post
I found namebench, a python script that measures access. It seems that my ISP's internal routing adds significant overhead to external servers, so I switched to it. The numbers at the library are much different. I can see the overhead in any traceroute.
For some reason that I am not entirely clear about. and as a generalisation. ISPs seem poor at running DNS servers. At times. I have seen evidence that they don't even really understand DNS or just don't care enough to do it right...

One warning about namebench: I have tried it and Gibson Research's DNS Bench (https://www.grc.com/dns/benchmark.htm - runs under wine) and found only vague similarities in the results. I'm not saying 'X is right and Y is wrong' just that I don't give absolute trust to any set of results measured at any one time.

My method of dealing with this has been to hand the details of a few of the top performing servers over to DNSMASQ and let it do its thing. Given that it is happy to use a few more servers than the standard resolver approach this set up ought to be more robust to the failure of any one provider.

Quote:
Originally Posted by RandomTroll View Post
Perhaps I should be concerned with snooping? Some servers offer encryption.
I think last time I looked at this I set 'only show me servers that offer some kind of encryption' as a baseline requirement (and if I remember correctly the GRC util will do this with a single click and namebench won't. but I may have that the wrong way around). I didn't think I had much to worry about directly on the snooping front (hey. come up with a list of websites that I may have accessed while I'm out and about - that's not going to cause me all that much trouble. even if I would prefer that you didn't) but I was a bit worried about bogus man-in-the-middle DNS attacks particularly at public WiFi hotspots (where it is quite easy to do apparently) and thought that I was just a bit better off with encryption than without.
 
Old 10-28-2016, 12:09 PM   #8
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053
Quote:
Originally Posted by jefro View Post
I've set the 50 or so web pages that I like to go to in hosts file and the systems usually never go to dns.
damn that's one of those simple things everybody should be doing, but doesn't.

i will get onto it right away.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows 2008 Primary DNS server and Linux as Secondary DNS server the_linux_guy Linux - Server 1 10-23-2016 03:21 PM
LXer: Find out DNS Server Version With DNS Server Fingerprinting Tool LXer Syndicated Linux News 0 12-21-2007 05:30 PM
LXer: Find out DNS Server Version With DNS Server Fingeprinting Tool LXer Syndicated Linux News 0 12-21-2007 04:50 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:21 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration