0

Using a LAN with Linux boxes.

The responses from the ISP are slower and slower. There is no special reason for that locally; all machines experience the delays. The router did not change, and neither did the traffic.

I'm thinking of installing a machine with bind named to cache the DNS responses. All other boxes would resolve from that local server.

Three questions

  • Should I try to use the local DNS server to send requests directly to the root servers?
  • Or should I simply use the forwarders (to ISP NS servers)?
  • Any better idea, maybe, than installing a local bind server?

edit

Thanks for your inputs - don't we have privacy implications when using an external name server? This is also true for my local ISP, but the scale is much smaller.
For instance, Google knows already a lot - using their DNS would tell them all the sites visited...
Or am I becoming paranoid ;-)

user9517
Déjà vu

6 Answers

6

I would recommend trying a different nameserver. You can find out which one is best for you using namebench. This runs tests against various public nameservers to find which one is ideal for your location/connection.

Or you can just try Google at 8.8.8.8 and 8.8.4.4.

Kyle Brandt
3

Any possibility of falling back to OpenDNS or Google DNS?

When I was in university, my dorm-provided connection had the same issues. I ran TreeWalk for a long time, which was nice. I fell back on OpenDNS later and mostly haven't looked back since.

2

BIND as a caching DNS server is overkill. My favorite is pdnsd.

halp
2

Personally (since this is actually what I do) I'd go for the local caching resolver option (either BIND or Unbound) without forwarders and enable DNSSEC.

This will:

  1. give you DNSSEC even though your ISP probably doesn't support it (yet), hence:
  2. prevent your ISP from pulling Stupid DNS Tricks on you (e.g. NXDOMAIN rewriting)
Alnitak
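
A BIND `named.conf` fragment for the setup described in the answer above (local caching resolver, no forwarders, DNSSEC validation on), added here as an example and not part of the original answer. The LAN prefix `192.168.1.0/24`, the listen address `192.168.1.53` and the `directory` path are assumed values.

```conf
// Constructed example: addresses and paths below are assumptions.
acl lan { 127.0.0.0/8; 192.168.1.0/24; };

options {
    directory "/var/cache/bind";            // assumed; distributions differ

    // Answer only on loopback and the LAN-facing address.
    listen-on    { 127.0.0.1; 192.168.1.53; };
    listen-on-v6 { none; };

    // Recurse for LAN clients only, so the box is not an open resolver.
    recursion yes;
    allow-query       { lan; };
    allow-recursion   { lan; };
    allow-query-cache { lan; };

    // No "forwarders" statement: named resolves iteratively, starting
    // from the root servers, and caches the answers for the LAN.
    // "auto" validates signed zones against BIND's built-in root
    // trust anchor, so rewritten answers for signed names fail
    // validation instead of being handed to clients.
    dnssec-validation auto;

    // The forwarding alternative from the question, for comparison.
    // Lookups then go to the upstream resolver, which sees every query:
    // forwarders { <upstream resolver addresses>; };
    // forward only;
};

// Check from a LAN client: a validated answer carries the "ad" flag.
//   dig @192.168.1.53 <signed-domain> +dnssec
```
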
1
  • It's up to you if you use forwarders like the free 4.2.2.2 to 4.2.2.4 or Google's 8.8.8.8.
  • Forwarders may give better performance, but will depend on how you have caching configured and the particular DNS servers involved.
  • It might be simpler to point your computers at a publicly available DNS server like the ones listed above, than to run your own BIND server.
Chris S
-2

You could also try dnscache. There are examples on the official website for it as well, which might be useful. http://cr.yp.to/djbdns/dnscache.html

Mohit Chawla