Mailinglist Archive: opensuse (1420 mails)

Re: [opensuse] optimizing resolv.conf
On 01/02/2014 08:18 PM, John Andersen wrote:
> Naw, just put an old ethernet hub between the router and your provider, then
> ethereal scanning for dns hits.
> I did this a couple years ago when testing my in-house bind vs the dns cache
> in a router.
>
> Even the lamest old router I had did some amount of caching, but it was
> dramatically better running bind than the best router. It would literally
> cache for days and days, whereas the hardware router would exceed its tables
> often within 10 minutes, sometimes on the same page, when pre-fetch is turned
> on in browsers, and you pull up a page like google news.

JA has it right. The following setup is almost impossible to beat:

    WAN                      LAN
    ----[router]---------[hub]---[rest of local subnet]
           |                \
    All but desired       bind/dhcpd/server
    Ports Blocked         authoritative/caching

I run an old linksys wifi router and disable all dhcp, etc. I have one box
that runs bind with dhcpd providing dynamic updates. The setup is relatively
simple and once set up it will provide years of service. As for which servers to
use for DNS, I just conducted a small test while writing the article. In bind,
external DNS server addresses are controlled with the forwarders statement. So I
conducted a test between my ISP, openDNS, google, etc. Here are the results
(after named restart - no cache; using 'dig @my.server.com trinitydesktop.org'):

17:23 alchemy:~> dig @nirvana.3111skyline.com trinitydesktop.org

; <<>> DiG 9.7.6-P4 <<>> @nirvana.3111skyline.com trinitydesktop.org
; (1 server found)
<snip>

My ISP:

forwarders { 208.180.42.100; 208.180.42.68; 68.1.208.30; };
;; Query time: 88.9 msec

OpenDNS:

forwarders { 208.67.220.220; 208.67.222.222; 208.180.42.100; };
;; Query time: 60.0 msec

forwarders { 208.67.222.222; 208.67.220.220; 208.180.42.100; };
;; Query time: 74.4 msec

Google:

forwarders { 8.8.8.8; 8.8.4.4; 208.180.42.100; };
;; Query time: 92.9 msec

Now, once an address is in cache, then the *dramatic* advantage of using cache
can be seen on the second call to named using dig. For all addresses queried and
in cache, the Query time was:

;; Query time: 2 msec

The test is completely unscientific, no account for network traffic, number of
hops, etc., but on balance the best *initial* response times were about 60ms
while the worst were about 90ms. What is important though is to note how
*dramatically* the Query times were reduced once the address was in cache. Now
also note that even over a wireless link, the round trip ping times to the
server to receive the result were on the order of (time=0.692 ms). So running an
additional caching service on each local machine, in addition to the nameserver,
would be an effort in futility. I would be interested to see what others see
with dnsmasq (or other caching services) versus bind and also what initial and
cached Query times you see with other DNS servers.

--
David C. Rankin, J.D.,P.E.
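
The cold-versus-cached comparison described in the message above can be scripted. The following is an added example, not part of the original post: the function names (query_time, dig_status, speedup, measure) are hypothetical, and the sample dig output is constructed.

```shell
#!/bin/bash
# Added example: helpers for the cold-vs-cached dig comparison described above.
# Function names and the sample output below are constructed for illustration.

# Constructed sample of the dig lines the helpers read (192.0.2.53 is a
# documentation address, not a real resolver).
SAMPLE_COLD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; Query time: 60 msec
;; SERVER: 192.0.2.53#53(192.0.2.53)'

# Print N from dig's ";; Query time: N msec" line on stdin; fail if absent,
# so a timed-out query is never mistaken for a fast one.
query_time() {
    awk '/^;; Query time:/ { print $4; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Print the response status (NOERROR, SERVFAIL, ...) from the header line.
dig_status() {
    sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Integer ratio cold/cached; a cached answer reported as 0 msec counts as 1.
speedup() {
    cold=$1
    cached=$2
    if [ "$cached" -eq 0 ]; then cached=1; fi
    echo $(( cold / cached ))
}

# Query server $1 for name $2 twice (needs dig and a reachable server).
# The first figure is only a cold one if the name is not yet in the
# server's cache, e.g. right after a named restart as in the post.
measure() {
    first=$(dig "@$1" "$2") || return 1
    [ "$(printf '%s\n' "$first" | dig_status)" = NOERROR ] || return 1
    cold=$(printf '%s\n' "$first" | query_time) || return 1
    warm=$(dig "@$1" "$2" | query_time) || return 1
    echo "cold=${cold}ms cached=${warm}ms speedup=$(speedup "$cold" "$warm")x"
}

# Usage: ./script.sh <server> <name>; with no arguments only defines helpers.
if [ "$#" -eq 2 ]; then measure "$1" "$2"; fi
```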