
DNS – Often Overlooked and Overworked Essential Piece of the Internet

DNS MADE FASTER!

Optimizing your DNS Server Settings for a Faster Internet

DNS makes the internet run. DNS takes a human-friendly domain name such as www.disney.com and looks up the IP address that name currently points to, in this case 199.181.132.249. Imagine your favorite website being named 199.181.132.249 instead. That would be very hard to remember and not very brand recognizable.

Nearly all software performs DNS lookups these days. They are heavily used in modern web-based software, and especially in smartphone applications.

Most users just accept whatever DNS server information they are fed by DHCP, usually from their internet provider. The downsides of this acceptance come in the following forms:

1. Reliability – Most providers feed you two DNS servers, typically run by the very same operator (think themselves or Google). If one server or its network fails, the second might still work, but often it does not: the remaining resource, shared by a large pool of customers, quickly becomes overloaded or fails.

2. Often slow lookup speeds – Your internet provider might not be slow; instead, its DNS is probably a main contributor, as your DNS requests pile up in the DNS traffic jam. This can result in multi-second delays as you surf from site to site. It can cause all sorts of ugly failures in smartphone apps. In general, the delays and failures break tons of things in ways the developers never intended to deal with gracefully.

3. Random cache optimization – To reduce lookup bandwidth and DNS server resources while appearing to have faster lookups, many companies cache DNS records in a way that ignores the TTL (the length of time such a record should be cached).

4. DNS poisoning / capturing invalid or failed lookups – a non-standard trick employed to capture bad requests and push the viewer to a page, search results or other portal where the DNS company makes money.

5. Privacy – He who controls the DNS lookup server knows everything that every customer is doing and using. That data is valuable to marketing firms, advertising companies, aggregators, etc. Many companies are selling your data without your knowledge, including companies like your ISP that you pay for service.

Goal

To optimize your DNS server selection for the best performance, ideally with some awareness of the above five points, we present namebench. Namebench is an open source, cross-platform DNS testing tool. It works under Linux, Windows and other common operating systems.

Project Page:
http://code.google.com/p/namebench/

 

How to Install Namebench on Debian Linux

Open your favorite terminal program (terminator, Root Terminal, etc.). Become root:

su
[provide root password]

Create a new directory:

mkdir ~/temporary
cd ~/temporary

Install Python:

apt-get install python

Download namebench:

wget http://namebench.googlecode.com/files/namebench-1.3.1-source.tgz

Unzip / Untar namebench:

tar -xzvf namebench-1.3.1-source.tgz

Run namebench:

cd namebench-1.3.1
./namebench.py

This runs namebench with text-only terminal output. The output is very verbose.

————————————————————————————-
namebench 1.3.1 – best source (automatic) on 2014-09-30
threads=40/2 queries=250 runs=1 timeout=3.5 health_timeout=3.75 servers=11
——————————————————————————

– Reading Top 2,000 Websites (Alexa): data/alexa-top-2000-domains.txt (0.7MB)
– Reading Cache Latency Test (100% hit): data/cache-hit.txt (0.1MB)
– Reading Cache Latency Test (100% miss): data/cache-miss.txt (0.1MB)
– Reading Cache Latency Test (50% hit, 50% miss): data/cache-mix.txt (0.1MB)
– Generating tests from Top 2,000 Websites (Alexa) (33575 records, selecting 250 automatic)
– Selecting 250 out of 33542 sanitized records (weighted mode).
– Checking query interception status…
– Checking connection quality: 1/3…3/3
– Congestion level is 0.46X (check duration: 18.50ms)
– Checking latest sanity reference
– Building initial DNS cache for 4516 nameservers (40 threads)
– Checking nameserver availability (40 threads):

0/4516…916…1821…2736…3649…4516/4516

– 1021 of 4516 servers are available (duration: 0:03:17.742999)

– Removing secondary nameservers slower than 36.67ms (max=400)

– Running initial health checks on 213 servers (35 threads): 0/213……………………47………………………..104………………………..161………………….204…….213/213

– 203 of 213 tested name servers are healthy

– Making Google Public DNS-2 [ptr-216-8-179-23.ptr] the primary anycast – faster than Google Public DNS [ptr-216-8-179-23.ptr] by 3.75ms

– Making OpenDNS-2 [1.ash] the primary anycast – faster than OpenDNS [7.ash] by 15.43ms

– Making DynGuide [default] the primary anycast – faster than DynGuide-2 [default] by 4.80ms

– Making UltraDNS [IAD] the primary anycast – faster than UltraDNS-2 [4.34] by 12.52ms

– Picking 16 secondary servers to use (8 nearest, 8 fastest)

– Waiting for wildcard cache queries from 22 servers (22 threads): 0/22………..22/22

– Waiting 4s for TTL’s to decrement.

– Running cache-sharing checks on 22 servers (40 threads): 0/462x…………………………………………………………………………………….192………………………………………………………………………354……………………………………..xxxx!xxx.xxxxxxxxxxxxx!!!!!.!!!!!!!!!!!!!!xxxxxxxxxxxxxxxxx!!!..448!!!!!!!!!!…..!!!!..462/462

– Disabling Cable & Wireless DE [ash-cdns-1] – slower replica of Cable & Wireless DE-2 [ash-cdns-2] by 8.2ms.

– Picking 5 secondary servers to use (2 nearest, 3 fastest)

– Cable & Wireless DE-3 [141.1.1.1] appears to be the nearest regional (7.65ms)

– Running final health checks on 11 servers (11 threads): 0/11……11/11

– All nameservers have warning: www.paypal.com is hijacked: www.paypal.com.akadns.net (likely a false positive)

– All nameservers have warning: www.facebook.com appears incorrect: star.c10r.facebook.com (likely a false positive)

Final list of nameservers considered:
——————————————————————————
199.2.252.10 Sprintlink-2 14 ms | twitter.com appears incorrect: 199.16.156.230, 199.16.156.38, 199.16.156.6, 199.16.156.102, google.com appears incorrect: 173.194.123.35, 173.194.123.38, 173.194.123.36, 173.194.123.33, 173.194.123.40, 173.194.123.41, 173.194.123.37, 173.194.123.34, 173.194.123.32, 173.194.123.46, 173.194.123.39, www.google.com is hijacked: 173.194.46.114, 173.194.46.112, 173.194.46.115, 173.194.46.113, 173.194.46.116

199.45.32.38 BellAtlantic-2 US 14 ms | google.com appears incorrect: 173.194.121.7, 173.194.121.0, 173.194.121.3, 173.194.121.5, 173.194.121.8, 173.194.121.6, 173.194.121.4, 173.194.121.2, 173.194.121.9, 173.194.121.14, 173.194.121.1, twitter.com appears incorrect: 199.16.156.198, 199.16.156.6, 199.16.156.70, 199.16.156.230, www.google.com is hijacked: 74.125.225.19, 74.125.225.18, 74.125.225.17, 74.125.225.20, 74.125.225.16

151.197.0.38 Verizon Philadelph 18 ms | www.google.com is hijacked: 74.125.228.211, 74.125.228.210, 74.125.228.209, 74.125.228.208, 74.125.228.212, twitter.com appears incorrect: 199.16.156.230, 199.16.156.38, 199.16.156.102, 199.16.156.70

141.1.1.1 Cable & Wireless D 19 ms | twitter.com appears incorrect: 199.16.156.102, 199.16.156.198, 199.16.156.230, 199.16.156.38, www.google.com is hijacked: 173.194.46.115, 173.194.46.112, 173.194.46.114, 173.194.46.116, 173.194.46.113

8.8.4.4 Google Public DNS- 24 ms | twitter.com appears incorrect: 199.16.156.230, 199.16.156.198, 199.16.156.6, 199.16.156.70, www.google.com is hijacked: 74.125.225.147, 74.125.225.146, 74.125.225.148, 74.125.225.144, 74.125.225.145

4.2.2.3 Level 3/GTEI-3 26 ms | www.google.com is hijacked: 173.194.121.48, 173.194.121.49, 173.194.121.50, 173.194.121.51, 173.194.121.52, twitter.com appears incorrect: 199.16.156.102, 199.16.156.38, 199.16.156.6, 199.16.156.70

216.146.35.35 DynGuide 26 ms | www.google.com is hijacked: 74.125.225.82, 74.125.225.83, 74.125.225.81, 74.125.225.84, 74.125.225.80, NXDOMAIN Hijacking, twitter.com appears incorrect: 199.16.156.38, 199.16.156.230, 199.16.156.70, 199.16.156.6

208.67.222.222 OpenDNS-2 28 ms | twitter.com appears incorrect: 199.16.156.70, 199.16.156.38, 199.16.156.102, 199.16.156.6, www.google.com is hijacked: 74.125.225.146, 74.125.225.147, 74.125.225.144, 74.125.225.145, 74.125.225.148

156.154.70.1 UltraDNS 28 ms | www.google.com is hijacked: 74.125.228.116, 74.125.228.115, 74.125.228.114, 74.125.228.112, 74.125.228.113, NXDOMAIN Hijacking, twitter.com appears incorrect: 199.59.149.198, 199.59.150.7, 199.59.148.82, 199.59.148.10

4.2.2.1 Level 3/GTEI 29 ms | twitter.com appears incorrect: 199.16.156.70, 199.16.156.230, 199.16.156.38, 199.16.156.6, www.google.com is hijacked: 74.125.228.48, 74.125.228.52, 74.125.228.50, 74.125.228.49, 74.125.228.51

199.16.156.198, 199.16.156.6, google.com appears incorrect: 173.194.121.35, 173.194.121.36, 173.194.121.37, 173.194.121.38, 173.194.121.39, 173.194.121.40, 173.194.121.41, 173.194.121.46, 173.194.121.32, 173.194.121.33, 173.194.121.34, www.google.com is hijacked: 74.125.201.106, 74.125.201.147, 74.125.201.99, 74.125.201.103, 74.125.201.104, 74.125.201.105

– Sending 250 queries to 11 servers: 0/2750…552…1103…1658…2219…2750/2750

– Error querying Cable & Wireless DE-3 [141.1.1.1]: www.megaupload.com.: Timeout

– Error querying BellAtlantic-2 US [199.45.32.38]: www.megaporn.com.: Timeout

– Error querying Sprintlink-2 [199.2.252.10]: blog.yam.com.: Timeout

– Error querying Cable & Wireless DE-3 [141.1.1.1]: www.megaclick.com.: Timeout

Fastest individual response (in milliseconds):
———————————————-
Cable & Wireless ######################### 6.85501
Level 3/GTEI-3 ############################ 7.59315
OpenDNS-2 ############################ 7.65586
Level 3/GTEI ############################# 7.74908
DynGuide ############################# 7.77817
Sprintlink-2 ################################ 8.66008
BellAtlantic-2 U ################################ 8.68392
UltraDNS ################################# 8.97908
Verizon Philadel ############################################## 12.62689
Google Public DN ##################################################### 14.64987

Mean response (in milliseconds):
——————————–
Sprintlink-2 ##################### 139.66
Google Public DN ##################### 140.95
OpenDNS-2 ######################### 169.16
BellAtlantic-2 U ######################### 170.47
Cable & Wireless ########################## 175.92
UltraDNS ########################## 179.58
Verizon Philadel ############################## 207.50
DynGuide ################################ 217.10
Level 3/GTEI ################################################ 330.76
Level 3/GTEI-3 ##################################################### 367.95

Response Distribution Chart URL (200ms):
—————————————-


Response Distribution Chart URL (Full):
—————————————


 

THIS IS WHAT YOU WANT TO NOTE:

Recommended configuration (fastest + nearest):
———————————————-
nameserver 199.2.252.10 # Sprintlink-2
nameserver 141.1.1.1 # Cable & Wireless DE-3
nameserver 4.2.2.2

******************************************************************************
In this test, Sprintlink-2 is 119.6%: Faster
******************************************************************************

Some things to note:

The output may mention both hijacked domains and incorrect domains. These warnings are a result of how DNS has changed since this program was created. The hijack reports are false positives.
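The per-server notes in the final list mix reference mismatches ("appears incorrect", "is hijacked") with the separate "NXDOMAIN Hijacking" flag, which corresponds to item 4 in the list of downsides. The following Python code is an added example, not part of namebench or of the original post; it parses lines in that format (sample abridged from the output above) and sets aside servers carrying the NXDOMAIN flag. Ranking by the latency column is an assumption made for illustration, not namebench's own selection method.

```python
import re
from dataclasses import dataclass, field

# Abridged from the "Final list of nameservers considered" output above;
# the last line is a truncated entry like the one in that listing.
SAMPLE = """\
199.2.252.10 Sprintlink-2 14 ms | twitter.com appears incorrect: 199.16.156.230, 199.16.156.38, www.google.com is hijacked: 173.194.46.114
141.1.1.1 Cable & Wireless D 19 ms | twitter.com appears incorrect: 199.16.156.102, www.google.com is hijacked: 173.194.46.115
4.2.2.3 Level 3/GTEI-3 26 ms | www.google.com is hijacked: 173.194.121.48, twitter.com appears incorrect: 199.16.156.102
216.146.35.35 DynGuide 26 ms | www.google.com is hijacked: 74.125.225.82, NXDOMAIN Hijacking, twitter.com appears incorrect: 199.16.156.38
156.154.70.1 UltraDNS 28 ms | www.google.com is hijacked: 74.125.228.116, NXDOMAIN Hijacking, twitter.com appears incorrect: 199.59.149.198
199.16.156.198, 199.16.156.6, google.com appears incorrect: 173.194.121.35
"""

# "<ip> <name, may contain spaces and digits> <n> ms | <notes>"
LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(.+?)\s+(\d+)\s+ms\s*\|\s*(.*)$")
MISMATCH = re.compile(r"([\w.-]+) (?:appears incorrect|is hijacked):")

@dataclass
class Server:
    ip: str
    name: str
    ms: int
    nxdomain_hijack: bool                       # answers for nonexistent names
    mismatched: set = field(default_factory=set)  # domains that differ from the reference

def parse(text):
    """Return one Server per well-formed line; skip rulers and truncated lines."""
    servers = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ip, name, ms, notes = m.groups()
        servers.append(Server(ip, name, int(ms), "NXDOMAIN Hijacking" in notes,
                              set(MISMATCH.findall(notes))))
    return servers

def shortlist(servers, count=3):
    """Fastest servers (by the ms column) that do not carry the NXDOMAIN flag."""
    clean = [s for s in servers if not s.nxdomain_hijack]
    return sorted(clean, key=lambda s: s.ms)[:count]

def resolv_conf(servers):
    """Render the shortlist in /etc/resolv.conf syntax."""
    return "\n".join(f"nameserver {s.ip} # {s.name}" for s in servers)
```
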

Updating your DNS Servers for a Faster Internet

Let’s update our DNS server entries and get moving faster! In a Linux terminal as root:

nano /etc/resolv.conf

Delete the existing entries in /etc/resolv.conf and copy and paste the new server details from above:

nameserver 199.2.252.10 # Sprintlink-2
nameserver 141.1.1.1 # Cable & Wireless DE-3
nameserver 4.2.2.2

Save the /etc/resolv.conf file and exit. Now your DNS queries will be remarkably faster.
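To check the chosen servers for the failed-lookup capture described in item 4 of the list of downsides, the following added example (not from the original post or from namebench) sends one query for a random name to a server and inspects the reply header. The random .com label is assumed to be unregistered, and the two sample headers are constructed, not captured traffic.

```python
import secrets
import socket
import struct
import sys

def build_query(name, qid):
    """Encode a recursive A/IN query for `name` in RFC 1035 wire format."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)        # QTYPE=A, QCLASS=IN

def classify(reply, qid):
    """Classify the reply to a query for a name that does not exist."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if rid != qid or not flags & 0x8000:     # wrong transaction ID or not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 3:
        return "honest"                      # NXDOMAIN passed through unchanged
    if rcode == 0 and ancount > 0:
        return "rewritten"                   # answer records for a nonexistent name
    return "inconclusive"                    # SERVFAIL, REFUSED, empty NOERROR

def probe(server, timeout=3.0):
    """Query `server` (an IPv4 address) over UDP for a random name."""
    qid = secrets.randbelow(1 << 16)
    name = secrets.token_hex(12) + ".com"    # assumption: this label is unregistered
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((server, 53))       # only accept replies from this server
            sock.send(build_query(name, qid))
            reply = sock.recv(4096)
        except OSError:                      # includes timeouts
            return "unreachable"
    return classify(reply, qid)

# Constructed reply headers for offline checking.
SAMPLE_NXDOMAIN = struct.pack("!6H", 0x1234, 0x8183, 1, 0, 1, 0)
SAMPLE_REWRITTEN = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    for ip in sys.argv[1:]:                  # pass the nameserver addresses to test
        print(ip, probe(ip))
```

A "rewritten" result means the server returned address records for a name that should not resolve; repeat the probe a few times before drawing a conclusion from "inconclusive" or "unreachable".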

Other Experiments

If you are on an IPv6-enabled network, namebench supports testing IPv6-only DNS servers:

./namebench.py -6

Gibson Research Corporation has a similar tool called Domain Name Speed Benchmark. It is available for Windows and works under Linux via Wine.

https://www.grc.com/dns/benchmark.htm


Future Discussions about DNS

  • Blocking online advertising with DNS
  • Encrypted DNS lookups to preserve your privacy