DNS Benchmark

[rolf]

My ISP, Comcast, is deploying DNSSEC, which even I can tell makes for more secure dns, such as is claimed,

DNSSEC was designed to deal with cache poisoning and a set of other DNS vulnerabilities such as "man in the middle" attacks and data modification in authoritative servers. Its major objective is to provide the ability to validate the authenticity and integrity of DNS messages in such a way that tampering with the DNS information anywhere in the DNS system can be detected. This is the kind of protection that DNS desperately needs.

[DNS] Comcast Completes DNSSEC Deployment is the thread at dslreports.com where I saw about this and NetFixer's post in that thread is where I hear about Steve Gibson's Domain Name Speed Benchmark. I had already tried namebench and set static dns in my Linksys with those results.

Code: Select all

Try out namebench. It hunts down the fastest DNS servers available for your
computer to use. namebench runs a fair and thorough benchmark using your web
browser history, tcpdump output, or standardized datasets in order to
provide an individualized recommendation. namebench is completely free and
does not modify your system in any way. This project began as a 20% project
at Google.

I wanted to try Gibson's "machine language" artistry but it's an exe, which is where this becomes a post about Linux. I happen to have the Oracle VirtualBox installed and have mastered that sufficiently to have added a "network drive", where I can easily put downloads or other files while running Mandriva, then use them once XP in VB is fired up. (I'm impressed with how polished Oracle's VB is and use it monthly for a "Go To Meeting" event that is windows-only software. ) So, I put the ~167kb file over there, started my XP machine, and...

Judging from that, I set up the static dns settings in the Tomato firmware...

[viking60]

Interesting I have played arround with OpenDns but only on my computer since I have not been able to implement it in my speedtouch software.
This namebench thing is good since it picks the fastest.

[Snorkasaurus]

Look at me resurrecting yet another thread...

I just wanted to add that using DNS services such as OpenDNS means that you are potentially subject to any DNS poisoning that they impose on you. I tried OpenDNS a long time ago and abandoned it because incorrectly typed URLs or invalid URLs were redirected to an OpenDNS search page (which just seemed like an advertising ploy to me).

Another great [and cheap] way to improve DNS on your local LAN is to run a caching DNS server inside your network. Windows server versions have a DNS server built in to them *cringe* and Linux has a number of DNS packages that can do the job. I personally like dnsmasq because it runs quite fast and is really easy to configure and maintain. The pfSense firewall distro uses dnsmasq as its forwarding agent. Having your own caching DNS server also gives you the ability to block malware, junkware, beaconware, trackware, adware, and whateverware by intentionally poisoning your own DNS. For example, if you knew that bjoernvold.com had loads of pornography (just kidding) you could add an entry on your DNS server pointing it to 127.0.0.1 and any clients on your LAN would not be able to reach the site.


HF!
Snork.

[viking60]

I tried OpenDNS a long time ago and abandoned it because incorrectly typed URLs or invalid URLs were redirected to an OpenDNS search page (which just seemed like an advertising ploy to me).

I think you can control that behavior in the OpenDNS dashboard.

In any case encrypting my traffic from the ISP who is forced to share it with the government agencies, is a good reason for using it.

On the other hand; if they can compromise Microsoft and Google the probably have done so with OpenDNS too.

The makes the own server solution even more sensible.