opendns....your thoughts

Well, on dslreports it's common knowledge that Bell Sympatico's (my ISP) DNS servers are horrible.
 
I have tested using OpenDNS and my ISP's DNS servers and saw no difference at all in speed or routing times.
I can imagine that some people may see a difference though depending on how their connection is routed.

Sometimes I find using OpenDNS faster while other times it makes zero difference. In my case I find the reliability and stability of their servers to be better than the DNS servers of three different ISPs that I've used. Adding in the fact that OpenDNS is free and I'm sold. :)
 
I don't know if it's me, but since using OpenDNS my internal network names no longer work :( I have to type the IP manually :mad:
 
But where does that point from there X?
Been using Opendns a few weeks and haven't really noticed if it is faster or slower although I did make the change once Neowin had moved servers - looks like Pipex is particularly slow!

My local DNS cache resolves DNS names much like OpenDNS, except instead of being stored in "the cloud" it is stored locally in RAM. When you look up www.google.com the DNS cache does the following, if it is not in cache:

ask the top level domain servers
top-level> do you know www.google.com?
top-level< No, but I know .com can be found at .com-level with IP address (glue)
.com-level> do you know www.google.com?
.com-level< No, but I know that google.com is at ns1.google.com with IP address (glue)
ns1.google.com> do you know www.google.com?
ns1.google.com< Yes, www.google.com is at IP address 127.0.0.1

Now, the important part here is the glue. The top-level servers only know about the fact that when you want a .com, you need to go ask the .com top-level. So once you ask the .com, it will tell you that you can get google.com at ns1.google.com, however if that is all it gave you, you would be left in an infinite loop:

.com-level> do you know ns1.google.com?
.com-level< No, but I know google.com is ns1.google.com

The glue it provides is the IP address where the DNS server, ns1.google.com can be found.

As for Pipex being slow, there could be a variety of reasons for that. If Neowin switched just IP's, Pipex should have picked up the change within 4 hours, which is what their TTL was set at, unless before they moved they set it to something extremely low, in which case the caching server at Pipex may have defaulted to the 24 hours TTL. If Neowin also switched their nameserver provider, it may take a little while longer to trickle down from the root servers, especially since records like that are cached longer.

I don't know if it's me, but since using OpenDNS my internal network names no longer work :( I have to type the IP manually :mad:

Eh, ... not sure I want to go there in the current state that I am in.

Sorry for the rather long lesson on DNS, just yet another topic I am interested in.
 
Step 1: Ask the root server for www.osnn.net

Code:
dig www.osnn.net @a.root-servers.net

; <<>> DiG 9.4.2-P1 <<>> www.osnn.net @a.root-servers.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6600
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.osnn.net.			IN	A

;; AUTHORITY SECTION:
net.			172800	IN	NS	K.GTLD-SERVERS.net.
net.			172800	IN	NS	J.GTLD-SERVERS.net.
net.			172800	IN	NS	M.GTLD-SERVERS.net.
net.			172800	IN	NS	L.GTLD-SERVERS.net.
net.			172800	IN	NS	C.GTLD-SERVERS.net.
net.			172800	IN	NS	D.GTLD-SERVERS.net.
net.			172800	IN	NS	F.GTLD-SERVERS.net.
net.			172800	IN	NS	B.GTLD-SERVERS.net.
net.			172800	IN	NS	G.GTLD-SERVERS.net.
net.			172800	IN	NS	H.GTLD-SERVERS.net.
net.			172800	IN	NS	I.GTLD-SERVERS.net.
net.			172800	IN	NS	A.GTLD-SERVERS.net.
net.			172800	IN	NS	E.GTLD-SERVERS.net.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.net.	172800	IN	A	192.5.6.30
A.GTLD-SERVERS.net.	172800	IN	AAAA	2001:503:a83e::2:30
B.GTLD-SERVERS.net.	172800	IN	A	192.33.14.30
B.GTLD-SERVERS.net.	172800	IN	AAAA	2001:503:231d::2:30
C.GTLD-SERVERS.net.	172800	IN	A	192.26.92.30
D.GTLD-SERVERS.net.	172800	IN	A	192.31.80.30
E.GTLD-SERVERS.net.	172800	IN	A	192.12.94.30
F.GTLD-SERVERS.net.	172800	IN	A	192.35.51.30
G.GTLD-SERVERS.net.	172800	IN	A	192.42.93.30
H.GTLD-SERVERS.net.	172800	IN	A	192.54.112.30
I.GTLD-SERVERS.net.	172800	IN	A	192.43.172.30
J.GTLD-SERVERS.net.	172800	IN	A	192.48.79.30
K.GTLD-SERVERS.net.	172800	IN	A	192.52.178.30
L.GTLD-SERVERS.net.	172800	IN	A	192.41.162.30

;; Query time: 69 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Sun Aug 31 04:41:47 2008
;; MSG SIZE  rcvd: 499

Notice how we asked a question, and we did not get an answer. All we got was a referral to go ask elsewhere. The additional section is the glue the DNS server sent back in this case! a.gtld-servers.net is the one I picked:

Ask a.gtld-servers.net for www.osnn.net

Code:
dig www.osnn.net @A.GTLD-SERVERS.net

; <<>> DiG 9.4.2-P1 <<>> www.osnn.net @A.GTLD-SERVERS.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55493
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.osnn.net.			IN	A

;; AUTHORITY SECTION:
osnn.net.		172800	IN	NS	a.ns.osnn.net.
osnn.net.		172800	IN	NS	b.ns.osnn.net.

;; ADDITIONAL SECTION:
a.ns.osnn.net.		172800	IN	A	70.86.102.19
b.ns.osnn.net.		172800	IN	A	70.86.102.20

;; Query time: 97 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Sun Aug 31 04:42:18 2008
;; MSG SIZE  rcvd: 97

Once again, we get a referral to go looking elsewhere. This time it suggests we try a.ns.osnn.net or b.ns.osnn.net. No answer contained in this packet.

So let's ask a.ns.osnn.net about www.osnn.net

Code:
dig www.osnn.net @a.ns.osnn.net

; <<>> DiG 9.4.2-P1 <<>> www.osnn.net @a.ns.osnn.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13230
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.osnn.net.			IN	A

;; ANSWER SECTION:
www.osnn.net.		86400	IN	A	70.86.102.18

;; AUTHORITY SECTION:
osnn.net.		172800	IN	NS	a.ns.osnn.net.
osnn.net.		172800	IN	NS	b.ns.osnn.net.

;; ADDITIONAL SECTION:
a.ns.osnn.net.		172800	IN	A	70.86.102.19
b.ns.osnn.net.		172800	IN	A	70.86.102.20

;; Query time: 50 msec
;; SERVER: 70.86.102.19#53(70.86.102.19)
;; WHEN: Sun Aug 31 04:42:49 2008
;; MSG SIZE  rcvd: 113

Notice how this time we got an answer back from the server? It was able to provide us an answer since it knew the exact thing we were looking for. Also notice, that it sends back an additional section. It is providing more glue, this way if there is a caching server it will cache this information so that the next time the gtld-servers.net tells it to go to a.ns.osnn.net for a different query, it will already have this information in cache, and if for example we were moving our DNS servers over, we could add more DNS servers to be sent out with the additional section, so that those are cached before we make the switch over. (And that is how Dan Kaminsky owned teh Internet, go read his blog for more info, it is too much to summarise here!)

Hope that helps some of you understand DNS, and how it works. Open DNS does everything above for you, and then just gives you the answer you want. Note that to ask just for osnn.net there are at least 3 DNS queries that have to be created and sent before getting the answer back, and if www.osnn.net was a CNAME for another domain name for example www.electronicpunk.com, we would have to start from scratch to resolve www.electronicpunk.com.

OpenDNS has the advantage that because it receives so much traffic, that at any given point in time it will most likely have a cached answer ready to be sent back to the user requesting it, and since it was built with millions of users in mind it will be fast. Whereas the DNS server your ISP has set up was done because it is required, as you would rather prefer your users to ask you for the IP address of names mainly because while going to one website means at least 1 query from the user, most likely they also need to know the IP address for an ad server, and another ip address for an image server, and things like that. DNS queries add up fast.

OpenDNS has a slight disadvantage in that it is further away from you than your ISP's DNS servers. Your ISP's DNS servers are hopefully local to your network, and to how you are connected to the Internet, meaning it should be able to reply faster, and not be dependent on network traffic and latency.

Having a local caching server like the one I have set up has the distinct advantage that at any given time, I can tell my cache to be flushed, thereby allowing me to instantly see and recognise DNS updates, which is practically a must as a Unix/Linux system administrator who moves domains from server to server.

The downside is that each time I request a name, and it is not in cache, I am sending at least three queries, and since it is just me and 6 others in the house I am living in, I am less likely to have certain rarer names in cache.
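
Added example (not part of the original post): a small offline model of the referral walk shown in the dig output above, using the same names and addresses, which counts the queries and shows why a delegation without glue cannot be followed. The `www.example.com.` extra record, the `noglue.net.` delegation and the bailiwick filter on the ADDITIONAL section (a common resolver hardening) are constructed for illustration.

```python
ROOT = "198.41.0.4"  # a.root-servers.net, as in the dig output above

# Constructed stand-ins for the three servers queried in the post.
# "zone": what the server is authoritative for; "a": A records it answers;
# "refer": child zone -> (NS names, glue sent in the ADDITIONAL section).
SERVERS = {
    ROOT: {"zone": ".", "a": {}, "refer": {
        "net.": (["a.gtld-servers.net."], {"a.gtld-servers.net.": "192.5.6.30"})}},
    "192.5.6.30": {"zone": "net.", "a": {}, "refer": {
        "osnn.net.": (["a.ns.osnn.net."], {
            "a.ns.osnn.net.": "70.86.102.19",
            "www.example.com.": "203.0.113.66"}),  # constructed, out of bailiwick
        "noglue.net.": (["ns1.noglue.net."], {})}},  # constructed, no glue sent
    "70.86.102.19": {"zone": "osnn.net.", "a": {"www.osnn.net.": "70.86.102.18"},
                     "refer": {}},
}

def in_zone(name, zone):
    """True if name is at or below zone (both fully qualified)."""
    return zone == "." or name == zone or name.endswith("." + zone)

def resolve(name, server=ROOT):
    """Follow referrals from the root; return (ip, queries, cache, rejected)."""
    cache, rejected, queries = {}, [], 0
    while True:
        queries += 1
        srv = SERVERS[server]
        if name in srv["a"]:
            return srv["a"][name], queries, cache, rejected
        # Pick the most specific delegation that covers the name.
        child = max((z for z in srv["refer"] if in_zone(name, z)), key=len, default=None)
        if child is None:
            raise LookupError(f"{name}: no answer and no referral from {server}")
        ns_names, glue = srv["refer"][child]
        for gname, gip in glue.items():
            # Bailiwick check: cache glue only for names under this server's zone.
            if in_zone(gname, srv["zone"]):
                cache[gname] = gip
            else:
                rejected.append(gname)
        usable = [cache[n] for n in ns_names if n in cache]
        if not usable:
            # The NS name lives inside the zone it serves, so asking for its
            # address would lead straight back to this same referral.
            raise LookupError(f"{child} delegated to {ns_names} without glue")
        server = usable[0]

if __name__ == "__main__":
    print(resolve("www.osnn.net."))
```
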
 
I think it's more a Samba bug than OpenDNS - if I use my old DNS servers it's the same, just a coincidence it started to happen at the same time I used OpenDNS ;p
 
