
Google DNS


GT500


Gigabit Internet? I'd be in Internet heaven (at least if it was reliable, which is the real issue with ISPs where I live).

Seriously though, I DO NOT trust Google enough to want Internet service from them. Or, at least, if I did have Google Fiber I would be using OpenDNS instead of Google's DNS. I'm fairly certain they can't filter my DNS requests when I have my router set to use OpenDNS, although they will still be able to log what IPs you are connecting to over your Internet connection. Although if they filter HTTP traffic (at least to capture the HTTP headers), then they can get the domain name anyway, so perhaps using a third-party DNS wouldn't help any...


I never trust Google but I do find Google DNS quite fast and I don't see a problem using it even if they log DNS queries.  Them having the full data pipe, that's another story.

 

I have tried OpenDNS.  When they blocked access to a white hat site at the University Mannheim and they indicated it could take 72hrs to unblock them, I dumped OpenDNS ASAP and haven't looked back.


Since I was able to (finally) get rid of their stupid search that comes up when a DNS record isn't found, OpenDNS has been OK for me. At least I trust it more than my ISP's DNS (they just aren't reliable), and I trust Google far less than OpenDNS as well.

I do have VirtualBox on my server, so I guess I could set up my own DNS servers, however I can only use NAT mode for some reason (seems to be no Internet connection in bridged mode) so I have to assume that performance wouldn't be great if I did that.


  • Root Admin

Topic was split from here: Google Fiber: Why you need to get online 100 times faster.. as it was straying off topic.

 

Please continue the discussion on DNS here if you like.  Thanks

 

Here is a tool to test speed results for DNS you may be interested in.

Domain Name Speed Benchmark


  • Root Admin

Just a word of caution though that if you're running your own Windows Active Directory you do not want to point to an outside DNS server as the first servers in your list otherwise internal lookups will be slow as heck.  You can add them as a secondary but you should be pointing to your own local DNS server in most cases.


Ron,

You are absolutely correct.  I just did two AD Domain Controllers in two separate Borough facilities (SuperStorm Sandy recovery program for a NJ Borough *badly* devastated by Sandy).  A Netgear Router performed DHCP so I had to statically setup the DNS servers.  Assuming the Domain Controller [1] was 192.168.1.4, the workstations' DNS tables were...

 

192.168.1.4

8.8.8.8

4.2.2.3

8.8.4.4

4.2.2.1

 

If I did not have the local DNS server in the computer's DNS table, I had difficulty adding the systems to the Domain (make the computers "domain participants") and Group Policies were not pushed to the Domain Participants.  Once the computers were statically set, as above, everything worked flawlessly.

 

---

1.  The Domain Controller was the local DNS Server and WINS server.


  • Root Admin

Most printers nowadays seem to have one or more models that do support that feature and I too will typically use a hidden share for items like that or manage the permissions as often it's only a small department of users that are using that feature.  Don't think most printers are all that good at DNS and networking overall - they seem to put in just enough to get by.  But not the same with their software - WOAH!! they'll bog you down with hundreds of MB of useless software if you let them.


Sheesh, guys! :)

 

I read this thread and I say to myself, "Self, how do these guys possibly know SO MUCH about all this networking and other computer stuff?!?!?!"

I feel like such an old geezer.

But I do learn oodles trying to decipher the secret computer geek-speak.

 

The other observation: YES, for home printers, the BLOATWARE is beyond all bloviating boundaries of ballooning, hyperbolized, overblown embellishment.

300-400 MB for an HP all-in-one - sadly, it's no smaller for a modern model than it was for my last one, nearly 10 years ago.

By contrast, I had occasion today to install a network office copier/printer on my new lappy: a mere 40 MB and done & 1 port setting. No muss, no fuss.

 

 


  • Root Admin

Off-Topic so if we want to continue on printers I can move this part to its own topic :-)

 

Yes, typically one needs to try to locate a "driver only" installer when possible or copy the installer to disk and then rename the setup.ini or similar name so that it does not auto run all the software.  Though this can be a rather daunting task for the average home user with little experience doing such.  Then they often will have an advanced feature to disable all that software but the HP one is actually pretty well hidden from the user clicking Advanced (some malware writers could probably learn to hide like HP does on their installer) and deselect the other items.   Then hopefully all you get is the bare bones driver needed to talk to the printer and actually print.


Isn't this whole section off-topic? :P

Anyway, I guess the real question is, if my router has a DNS cache then does it matter what DNS servers I set it to use? I guess it would if I was trying to visit a website with a domain that wasn't in my router's DNS cache, so the real question is what does it cache?


The first part of the question from GT500 is easy to answer - it will still matter which servers you use even if you have a local cache on your router.

 

Picking a slow server (not good when it takes 3 seconds to look up a site and 0.5 to load) / a server prone to errors (Not good if you are trying to visit Google Play and get redirected to the Playboy Channel) / a server with over aggressive blocking policies (Not good when you try to "access to a white hat site at the University Mannheim" and get blocked) - will run you the risk of you not being able to access (at the very least, in a timely manner) any site that you try to access that is not already in the local cache.

 

I know that Dave will expand upon this.

 

FWIW, I have used Gibson's DNS checker utility several times, and I usually end up staying with OpenDNS or else my ISP's - I've found that the Google DNS while fast has almost *always* given me fits at some point in time when I've used it extensively.


Here is a tool to test speed results for DNS you may be interested in.

Domain Name Speed Benchmark

 

Good ol' Steve Gibson.. (author of the mentioned DNS Benchmark program) ;)  Wish I was smart as he is (without his attitude) and could code in assembly language..

 

That guy is one of those obnoxious "geniuses" that is both brilliant and narcissistic as well as a pain in M$'s (mostly) and others injustices when it comes to holes in software, etc.. I've "known" that guy since the earliest days of SPINRITE, his main claim to fame and money generator. I used to use his stuff all the time but hadn't heard him doing anything recently until this DNS program. I'm running it now after changing from Time Warner's DNS servers to @David's GTE DNS (same #'s as he's using) to one of the OpenDNS and one of the BHN DNS after running the time-lag/optimize for DNS program from Gibson. :blush: :blush:

 

Thanks for the info @Ron.. and @David..

 

Steve

Edited by ShyWriter

I promised I would revisit this thread...

 

I apologize but I'll start by referencing a previous post of mine relative to DNS servers.

 

While there *may* be a Router (SOHO or Enterprise) that "caches DNS", that's not really what they do.  It is the computer that caches DNS and that "local" DNS cache can be purged by the command line "ipconfig  /flushdns".

 

A Router's WAN address will either be statically set or dynamically configured.  When the WAN IP address is dynamically set the operator can manually override the DNS Server with ones that the user desires.  If one gets a static IP from their ISP they will be provided with the IP address, IP Network mask, IP gateway and the DNS servers associated with the sub-net that the user is attached/assigned to and the operator has to manually set all that up for the WAN.   My previous post shows examples of how you can tell if your computer which uses DHCP from the Router is provided the DNS Servers or if your DNS requests are forwarded.

 

The Router will usually also have a DHCP Service.  This will provide the LAN hosts their IP address but will also provide the LAN gateway address, the Netmask and the DNS Server(s).  Depending on the Router the DHCP Server will either provide the DNS Servers that were provided to the WAN IP address or will forward DNS queries through the Router to the WAN IP assigned addresses.

 

One thing to note about SOHO Routers and SOHO Ethernet switches is that they WILL be slower than their Enterprise cousins.  This can be expressed as a "hop" and a time delay called an "introduced latency".  This is a time in nanoseconds (ns).  The slower the device the larger that time will be.  Thus one can say a latency of 40ns is longer than a latency of .10ns.  While this time may seem small, it adds up as a function of the number of packets.  The reason I bring this up is if the Router forwards the DNS Queries then you have just introduced a time delay.

Example:  The user wants to go to Yahoo.Com.  The LAN node used DHCP to supply the DNS Server(s) and the Router indicated the IP address of the Router is the IP address of the DNS Server.  If the Router IP address is 192.168.1.1 then you will see the DNS server is 192.168.1.1.  The PC does an IP query on Yahoo.Com and goes to 192.168.1.1 but the Router does NOT do DNS and it just forwards the DNS query to the DNS Servers set to the WAN IP.  Let's say that the first one in the DNS table is Google's 8.8.8.8 and it responds.  It sends the DNS query results back to the WAN IP.  The Router then forwards the results back to the LAN node making the IP query for Yahoo.Com.

When you statically set the DNS server, such as Google's 8.8.8.8, on the PC the Router does NOT forward the query as the query is sent directly to the Google DNS Server.  The Router is NOT acting like a "middle man" and thus the DNS query is quicker.

 

Just for the hell of it, I will add another subject corresponding to what was added in posts #10 and #11, called WINS.

 

DNS and WINS are similar in that they work with IP addresses but differ as to the NAMES that are associated to the IP address.

 

Going back to the days of early Local Area Networking (LAN) and a Network Operating System (NOS) called LAN Manager.  That introduced a construct for sharing data over a Local Area Network (LAN) through a Network Basic Input/Output System or NetBIOS.  There were two transports most often used, NetBEUI and NetBIOS over IP.  In a flat network with no sub-nets NetBEUI can be used.  In a larger network with multiple sub-nets TCP/IP is used to transport NetBIOS calls and is known as "NetBIOS over IP" and uses TCP/UDP ports [1] 135 ~ 139 and 445.

 

When a computer has to translate a name to an IP address it is either an Internet address, such as Yahoo.Com, or a NetBIOS name like Marys-PC.  In my previous post on DNS I mentioned a static table called the hosts file.  This is located in the ./etc folder ( etc/hosts or .\etc\hosts ).  Name resolution in WINS is like DNS and thus the computer has a comparable NetBIOS name static table and it is called the lmhosts file.  The hosts file and the lmhosts file are located in...

C:\Windows\System32\drivers\etc

 

The Windows OS comes with a sample lmhosts file and it is there called lmhosts.sam (the active file must be named .\etc\lmhosts with no file extension).

 

Often we may define an Active Directory Domain Controller in the lmhosts file such as the below example...

 

192.168.1.4    My-Domain-Controller    #PRE  #DOM:My-AD-Domain_Name

 

 

---

1.  Since Routers use Network Address Translation (NAT) to go between the WAN IP and the possible 253 (or more) LAN addresses, Routers can implement simplistic Firewall constructs or may include a full Firewall implementation.  Even on SOHO Routers the simplistic Firewall constructs include port blocking.  On networks where I specifically use "Network Shares" and thus NetBIOS over IP, I will specifically BLOCK  TCP and UDP ports 135 ~ 139 and 445 on the Router.
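
An added example, not part of the original post or any poster's own code: a small Python audit of the lmhosts format described above, flagging static entries that fall outside the LAN or that carry #DOM without being a known domain controller. The 192.168.1.0/24 range, the known-DC set and every sample line except the first are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: only the first entry comes from the post.
SAMPLE_LMHOSTS = """\
# static NetBIOS name table
192.168.1.4    My-Domain-Controller    #PRE  #DOM:My-AD-Domain_Name
192.168.1.20   Marys-PC                # no keywords
192.168.1.77   OTHER-DC                #PRE #DOM:My-AD-Domain_Name
203.0.113.9    FILESRV                 #PRE
not-an-ip      BROKEN
"""
LAN = ipaddress.ip_network("192.168.1.0/24")       # assumed LAN range
KNOWN_DCS = {ipaddress.ip_address("192.168.1.4")}  # assumed DC inventory

def parse_lmhosts(text):
    """Parse 'IP NAME [#PRE] [#DOM:domain]' lines; #INCLUDE blocks and quoted names are not handled."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line, comment or directive
        if len(fields) < 2 or fields[1].startswith("#"):
            errors.append((lineno, "missing name"))
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            errors.append((lineno, "bad IP address"))
            continue
        entry = {"line": lineno, "ip": ip, "name": fields[1], "pre": False, "dom": None}
        for tok in fields[2:]:
            if tok.upper() == "#PRE":  # matched case-insensitively on purpose
                entry["pre"] = True
            elif tok.upper().startswith("#DOM:"):
                entry["dom"] = tok[5:]
            elif tok.startswith("#"):
                break  # any other '#' token starts a trailing comment
        entries.append(entry)
    return entries, errors

def audit(entries, lan=LAN, known_dcs=KNOWN_DCS):
    """Return (line, name, reason) for entries a reviewer should check."""
    findings = []
    for e in entries:
        if e["ip"] not in lan:
            findings.append((e["line"], e["name"], "address outside the LAN"))
        if e["dom"] and e["ip"] not in known_dcs:
            findings.append((e["line"], e["name"], "#DOM entry is not a known domain controller"))
    return findings
```

On the constructed sample, the audit reports OTHER-DC (line 4) and FILESRV (line 5), and the parser reports line 6 as having a bad IP address.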
