On 01/02/2014 08:18 PM, John Andersen wrote:
Naw, just put an old ethernet hub between the router and your provider, then ethereal scanning for dns hits. I did this a couple years ago when testing my in-house bind vs the dns cache in a router.
Even the lamest old router I had did some amount of caching, but it was dramatically better running bind than the best router. It would literally cache for days and days, whereas the hardware router would exceed its tables often within 10 minutes, sometimes on the same page, when pre-fetch is turned on in browsers, and you pull up a page like google news.
JA has it right. The following setup is almost impossible to beat:

         WAN          LAN
    ----[router]---------[hub]---[rest of local subnet]
           |                \
    All but desired      bind/dhcpd/server
    Ports Blocked        authoritative/caching

I run an old linksys wifi router and disable all dhcp, etc. I have one box that runs bind with dhcpd providing dynamic updates. The setup is relatively simple and once set up it will provide years of service.

As for which servers to use for DNS, I just conducted a small test while writing the article. In bind, external DNS server addresses are controlled with the forwarders statement. So I conducted a test between my ISP, OpenDNS, Google, etc. Here are the results (after named restart - no cache; using 'dig @my.server.com trinitydesktop.org'):

    17:23 alchemy:~> dig @nirvana.3111skyline.com trinitydesktop.org

    ; <<>> DiG 9.7.6-P4 <<>> @nirvana.3111skyline.com trinitydesktop.org
    ; (1 server found)
    <snip>

My ISP:

    forwarders { 208.180.42.100; 208.180.42.68; 68.1.208.30; };
    ;; Query time: 88.9 msec

OpenDNS:

    forwarders { 208.67.220.220; 208.67.222.222; 208.180.42.100; };
    ;; Query time: 60.0 msec

    forwarders { 208.67.222.222; 208.67.220.220; 208.180.42.100; };
    ;; Query time: 74.4 msec

Google:

    forwarders { 8.8.8.8; 8.8.4.4; 208.180.42.100; };
    ;; Query time: 92.9 msec

Now, once an address is in cache, then the *dramatic* advantage of using cache can be seen on the second call to named using dig. For all addresses queried and in cache, the Query time was:

    ;; Query time: 2 msec

The test is completely unscientific, no account for network traffic, number of hops, etc., but on balance the best *initial* response times were about 60ms while the worst were about 90ms. What is important though is to note how *dramatically* the Query times were reduced once the address was in cache.

Now also note, that even over a wireless link, the round trip ping times to the server to receive the result were on the order of (time=0.692 ms). So running an additional caching service on each local machine, in addition to the nameserver, would be an effort in futility.

I would be interested to see what others see with dnsmasq (or other caching services) versus bind and also what initial and cached Query times you see with other DNS servers.

--
David C. Rankin, J.D.,P.E.