OpenDNS nameservers -- Opinions Sought - Mandriva

This is a discussion on OpenDNS nameservers -- Opinions Sought - Mandriva ; On Tue, 19 Feb 2008 10:44:01 -0500, Whiskers wrote: > Perhaps there are some clues in man resolvconf (note the absence of a dot > in that name). The resolvconf utility uses the files in /etc/resolvconf/resolv.conf.d, head, base, and tail, ...

+ Reply to Thread
Page 2 of 3 FirstFirst 1 2 3 LastLast
Results 21 to 40 of 52

Thread: OpenDNS nameservers -- Opinions Sought

  1. Re: OpenDNS nameservers -- Opinions Sought

    On Tue, 19 Feb 2008 10:44:01 -0500, Whiskers wrote:

    > Perhaps there are some clues in man resolvconf (note the absence of a dot
    > in that name).


    The resolvconf utility uses the files in /etc/resolvconf/resolv.conf.d,
    head, base, and tail, plus the information returned from the starting
    of a network interface, which can return dns from a dhcp server, or
    hard coded ip addresses in /etc/sysconfig/network-scripts/ifcfg-* file,
    or /etc/ppp/options.

    The easiest way to ensure a specific nameserver is always in the generated
    /etc/resolv.conf file, is to edit the appropriate resolv.conf.d file.

    In my case, I want the server on localhost prepended to the ip addresses
    returned from the dhclient for ppp0, so I have

    $ cat /etc/resolvconf/resolv.conf.d/head
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.0.1

    Note that the warning message in the head file applies to the generated
    /etc/resolv.conf file, not the actual head file.

    # grep dns /etc/ppp/options
    usepeerdns

    This results in
    $ cat /etc/resolv.conf
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.0.1
    nameserver 216.240.0.1 # ppp temp entry
    nameserver 216.240.1.1 # ppp temp entry

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  2. Re: OpenDNS nameservers -- Opinions Sought

    On Tue, 19 Feb 2008 16:00:13 +0000, Bit Twister wrote:

    > On Tue, 19 Feb 2008 15:24:57 +0000, Whiskers wrote:
    >>
    >> I've been using it for about a year, with no difficulty at all. Not
    >> 'registered', I just put the IP numbers into Mandriva's 'Network'
    >> settings via MCC. (In Mdv2008 the only way to check or change the
    >> settings seems to be to 'Set up a new network interface', which is a
    >> bad arrangement; earlier versions allowed you to change existing
    >> network settings).

    >
    > Or just edit /etc/sysconfig/network-scripts/ifcfg-eth0 or -eth1 and
    > change DNSx= values.
    >
    > service network restart would set the new value in /etc/resolv.conf
    >
    > For testing, just change /etc/resolv.conf, save, test,....


    Warning, bitch mode on.

    I started working with resolv.cfg back in the dos days 15 or more years
    ago. Simple, modify it for changes. Customize it for special and/or faster
    lookups, etc. I had control over everything. Now they've gone and screwed
    with something so simple and complicated it so now I have to try and
    remember wtf files they have that overwrite my changes all the time. Does
    anyone besides me wish they would have left well enough alone? I suppose
    there's some way to disable what they've done, but why should you be
    subjected to having to find out what it is. As can be noted here, all
    they've done is confused the users. I moved away from windows for this
    same thing. Stop messing with simple things that have worked for years.

    And now back to your regularly scheduled........

    --
    Want the ultimate in free OTA SD/HDTV Recorder? http://mythtv.org
    My Tivo Experience http://wesnewell.no-ip.com/tivo.htm
    Tivo HD/S3 compared http://wesnewell.no-ip.com/mythtivo.htm
    AMD cpu help http://wesnewell.no-ip.com/cpu.php

  3. Re: OpenDNS nameservers -- Opinions Sought

    On Tue, 19 Feb 2008 16:56:40 +0000, Whiskers wrote:

    > My versions of ifcfg-eth* don't have a line starting DNSx= (but they do
    > have a line PEERDNS=yes).


    Guessing your connection is dhcp, not static. Sorry I forgot about
    dhcp users.

    dhcp users would need to add the opendns servers to
    /etc/resolvconf/resolv.conf.d/head
    to override values from ISP dhcp server.


    $ cat /2007_1/etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    IPADDR=192.168.1.135
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    BROADCAST=192.168.1.255
    ONBOOT=yes
    METRIC=10
    MII_NOT_SUPPORTED=yes
    USERCTL=yes
    DNS1=192.168.1.1
    RESOLV_MODS=no
    IPV6INIT=no
    IPV6TO4INIT=no

    $ cat /2008_1/etc/sysconfig/network-scripts/ifcfg-eth1
    DEVICE=eth1
    BOOTPROTO=static
    IPADDR=192.168.1.131
    NETMASK=255.255.255.0
    GATEWAY=192.168.1.1
    ONBOOT=yes
    METRIC=10
    MII_NOT_SUPPORTED=no
    USERCTL=no
    DNS1=192.168.1.131
    DOMAIN=home.test
    RESOLV_MODS=yes
    IPV6INIT=no
    IPV6TO4INIT=no

  4. Re: [ OT ] OpenDNS nameservers -- Opinions Sought

    On Tue, 19 Feb 2008 17:25:24 GMT, Wes Newell wrote:
    >
    > Warning, bitch mode on.
    >
    > I started working with resolv.cfg back in the dos days 15 or more years
    > ago. Simple, modify it for changes. Customize it for special and/or faster
    > lookups, etc. I had control over everything.


    You still do.
    Just not from the gui interface.

    > Now they've gone and screwed
    > with something so simple and complicated it so now I have to try and
    > remember wtf files they have that overwrite my changes all the time.


    Yes, been there. I now have an ascii file containg some key works and
    file or command and/or data.
    Any time I have to research something, I add it to my unix.help file.

    I have a script to allow me to search for key works to locate an item.
    Current example, I needed name of the resolver daemon directory, I
    remembered it used head and tail files so:

    $ uh res head
    dns resolver directory /etc/resolvconf/resolv.conf.d/ (base, head, tail)

    Another example:

    $ uh resolv.co
    prevent overwrite resolv.conf add PEERDNS=no to /etc/sysconfig/network-scripts/ifcfg-X
    dns resolver directory /etc/resolvconf/resolv.conf.d/ (base, head, tail)
    dns resolver tail /etc/resolvconf/resolv.conf.d/tail
    eth0 dns resolution /etc/resolv.conf


    > As can be noted here, all
    > they've done is confused the users.


    Just the users who knew now it used to work.
    The newbies and gui users do not have this problem.

    Oh, by the way, you might want to note this command
    $ less $(locate /sysconfig.txt)

    Locate will find the file I call the Rosetta Stone for config files.

    For anyone wanting to see my unix help (uh) script.
    http://groups.google.com/group/alt.o...4e0cb1b38563f2


  5. Re: OpenDNS nameservers -- Opinions Sought

    On 2008-02-19, Bit Twister wrote:
    > On Tue, 19 Feb 2008 16:56:40 +0000, Whiskers wrote:
    >
    >> My versions of ifcfg-eth* don't have a line starting DNSx= (but they do
    >> have a line PEERDNS=yes).

    >
    > Guessing your connection is dhcp, not static. Sorry I forgot about
    > dhcp users.
    >
    > dhcp users would need to add the opendns servers to
    > /etc/resolvconf/resolv.conf.d/head
    > to override values from ISP dhcp server.


    In my case, the local DHCP is hosted by the router - which has the OpenDNS
    servers configured into it (for telling local machines which servers to
    use - the router is not itself a DNS server).

    My ISP connection is 'static IP' and the ISP's servers offer no automated
    DNS configuration. The ISP does offer DNS servers, but they have to be
    configured manually by by each customer.

    [...]

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  6. Re: [ OT ] OpenDNS nameservers -- Opinions Sought

    On Tue, 19 Feb 2008 18:41:18 +0000, Whiskers wrote:

    > In my case, the local DHCP is hosted by the router - which has the OpenDNS
    > servers configured into it (for telling local machines which servers to
    > use - the router is not itself a DNS server).


    Downside to that is if a router is cracked by a black hat who changes
    the DNS values, all look ups go through black hat's servers.

    I also saw my router DNS values wiped out by my ISP pushing out a
    router update.

  7. Re: OpenDNS nameservers -- Opinions Sought

    On 2008-02-19, Wes Newell wrote:
    > On Tue, 19 Feb 2008 16:00:13 +0000, Bit Twister wrote:
    >
    >> On Tue, 19 Feb 2008 15:24:57 +0000, Whiskers wrote:
    >>>
    >>> I've been using it for about a year, with no difficulty at all. Not
    >>> 'registered', I just put the IP numbers into Mandriva's 'Network'
    >>> settings via MCC. (In Mdv2008 the only way to check or change the
    >>> settings seems to be to 'Set up a new network interface', which is a
    >>> bad arrangement; earlier versions allowed you to change existing
    >>> network settings).

    >>
    >> Or just edit /etc/sysconfig/network-scripts/ifcfg-eth0 or -eth1 and
    >> change DNSx= values.
    >>
    >> service network restart would set the new value in /etc/resolv.conf
    >>
    >> For testing, just change /etc/resolv.conf, save, test,....

    >
    > Warning, bitch mode on.
    >
    > I started working with resolv.cfg back in the dos days 15 or more years
    > ago. Simple, modify it for changes. Customize it for special and/or faster
    > lookups, etc. I had control over everything. Now they've gone and screwed
    > with something so simple and complicated it so now I have to try and
    > remember wtf files they have that overwrite my changes all the time. Does
    > anyone besides me wish they would have left well enough alone? I suppose
    > there's some way to disable what they've done, but why should you be
    > subjected to having to find out what it is. As can be noted here, all
    > they've done is confused the users. I moved away from windows for this
    > same thing. Stop messing with simple things that have worked for years.
    >
    > And now back to your regularly scheduled........


    A few years ago, when I was using HatRed, I made a script
    called fixresolvconf to fix /etc/resolv.conf to what _I_
    wanted it to contain after the system utilities had messed
    it up. I ran that from rc.local and manually as needed.

    HTH

    --
    Robert Riches
    spamtrap42@verizon.net
    (Yes, that is one of my email addresses.)

  8. Re: [ OT ] OpenDNS nameservers -- Opinions Sought

    On Tue, 19 Feb 2008 19:19:48 GMT, Robert M. Riches Jr. wrote:
    >
    > A few years ago, when I was using HatRed, I made a script
    > called fixresolvconf to fix /etc/resolv.conf to what _I_
    > wanted it to contain after the system utilities had messed
    > it up. I ran that from rc.local and manually as needed.


    Bad location there if network is restarted.

    Now adays, on Mandriva, you would put the script in
    /etc/sysconfig/network-scripts/ifup.d/

    Or for use on Fedora and Mandriva you would create a /sbin/ifup-local
    to do clean up.

    I used to use my /sbin/ifup-local to put my dhcp address in /etc/hosts,
    modify /etc/shorewall/params file and strip the search ISPs_domain
    line from resolv.conf.

  9. Re: OpenDNS nameservers -- Opinions Sought

    On Tue, 19 Feb 2008 16:00:13 +0000, Bit Twister wrote:

    > On Tue, 19 Feb 2008 15:24:57 +0000, Whiskers wrote:
    >>
    >> I've been using it for about a year, with no difficulty at all. Not
    >> 'registered', I just put the IP numbers into Mandriva's 'Network'
    >> settings via MCC. (In Mdv2008 the only way to check or change the
    >> settings seems to be to 'Set up a new network interface', which is a
    >> bad arrangement; earlier versions allowed you to change existing
    >> network settings).

    >
    > Or just edit /etc/sysconfig/network-scripts/ifcfg-eth0 or -eth1 and
    > change DNSx= values.
    >
    > service network restart would set the new value in /etc/resolv.conf
    >
    > For testing, just change /etc/resolv.conf, save, test,....


    Hi Bit Twister, et al. I figured out how to work with resolvconf a while
    back and decided today to put the information on my company technical blog
    after following this thread. Feel free to plagiarize me.

    http://blog.eracc.com/?p=21

    Gene (e-mail: gene \a\t eracc \d\o\t com)
    --
    Mandriva Linux release 2007.1 (Official) for i586
    Got Rute? http://www.anrdoezrs.net/email-25465...sbn=0130333514
    ERA Computers & Consulting - http://www.eracc.com/
    Preloaded PCs - eComStation, Linux, FreeBSD, OpenServer & UnixWare

  10. Re: OpenDNS nameservers -- Opinions Sought

    Whiskers wrote:
    > On 2008-02-19, Jim Beard wrote:
    >> On Tue, 19 Feb 2008 01:56:18 +0000, Bit Twister wrote:
    >>
    >>> On Tue, 19 Feb 2008 01:26:27 GMT, Jim Beard wrote:
    >>>> There are several problematic points about my attempt. I simply added
    >>>> the two servers to resolv.conf.
    >>>

    >> [jim@localhost etc]$ cat resolv.conf
    >> search home.invalid
    >>
    >> nameserver 192.168.0.1
    >> # nameserver 208.67.222.222
    >> # nameserver 208.67.222.220

    >
    > [...]
    >
    > Looks to me as though you have set up Mandriva (when creating your network
    > settings via MCC?) to use your 'router' as the primary DNS server. Does
    > it actually function as one? What DNS servers is the router using?


    Yes, the router (D-Link DI624) handles DNS. It uses the Verizon
    DNS servers.

    > Just
    > as the comment at the top of the file says, any changes you make to
    > resolv.conf will be overwritten - using the settings you have made
    > "elsewhere", which in Mandriva seems to mean via the GUI tools).


    Yes, and no. I can make changes in resolv.conf, and they will be
    picked up and used immediately. A reboot will wipe them out, and I
    think there may some other mechanism that will wipe them out and
    restore the settings "made elsewhere." But for temporary testing,
    entering the nameservers works fine.
    >
    > Perhaps there are some clues in man resolvconf (note the absence of a dot
    > in that name).


    Actually, I think there are some clues in /var/run/resolvconf, but
    I don't think I need to tinker with that until I know I want the
    change to be permanent.

    > Here's my resolv.conf as created by 'something in Mandriva':
    >
    > [mark@tavy ~]$ cat /etc/resolv.conf
    > # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
    > resolvconf(8)
    > # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    > nameserver 208.67.222.222
    > nameserver 208.67.220.222
    > [mark@tavy ~]$
    >
    > Notice that the difference between those two IP addresses is in the
    > penultimate triplet, not in the last one.
    >

    [The OpenDNS] nameservers are 208.67.222.222 and 208.67.220.220,
    according to their website instructions. The two I used earlier
    were from BitTwister, and I may have mistyped something. Or,
    OpenDNS may have more addresses than listed in any one place. But
    my top one was correct in any case. Should have worked.

    Cheers!

    jim b.

    --
    UNIX is not user-unfriendly; it merely
    expects users to be computer-friendly.

  11. Re: OpenDNS nameservers -- Opinions Sought

    Bit Twister wrote:
    > On Tue, 19 Feb 2008 03:54:41 GMT, Jim Beard wrote:
    >> /* Not using OpenDNS */
    >>
    >> [jim@jb ~]$ ping -c1 weather.gov
    >> PING weather.gov (140.90.113.200) 56(84) bytes of data.
    >> 64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=1 ttl=51
    >> time=5.89 ms
    >>
    >> --- weather.gov ping statistics ---
    >> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
    >> rtt min/avg/max/mdev = 5.899/5.899/5.899/0.000 ms
    >>
    >> /* Yes, the decimal point is in the right place */

    >
    > There's the problem, when using opendns your system forgets what it
    > was looking for. :-D
    >
    >
    >
    > There went the hope it was an ipv6 problem.
    >
    > Just for fun, plug in
    > nameserver 4.2.2.1
    > nameserver 4.2.2.2
    >
    >
    > ping -c1 weather.gov
    >
    > to see if it fails again.
    >
    > If works, I have no idea why Open Dns fails.


    See below. All worked, though OpenDNS was slightly slower.

    > You mentioned belt/suspenders.
    >
    > You may want to consider installing privoxy and adding NoScrip add on to firefox.
    > http://www.privoxy.org/
    > http://noscript.net/getit
    >
    > Black Hats have been cracking into ad servers and infecting banners and ads,
    > not to mention flash, pdf, ...
    >
    > Sites you trust can be serving out malware via the banner/ads.
    >
    > From my admin diary.
    >
    > urpmi --wget privoxy --auto
    > server privoxy restart
    >
    >
    > # add privoxy server to firefox
    >
    > firefox
    > Click Network tab
    > Connection
    > Settings button
    >
    > click Manual proxy configuration:
    > HTTP Proxy: 127.0.0.1 Port: 8118
    > SSL Proxy: 127.0.0.1 Port: 8118
    > Click OK
    >
    >
    > # add the noscript extension to block/enable java
    > http://noscript.net/getit
    >
    > In the NoScript Options screen
    > click Advanced tab
    > and set all check boxes checked in the Untrusted screen.


    Using 4.2.2.1 and 4.2.2.2

    PING weather.gov (140.90.113.200) 56(84) bytes of data.
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=1 ttl=51
    time=5.85 ms

    Using OpenDNS 208.67.222.222 208.67.220.220
    --- weather.gov ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 6.050/6.050/6.050/0.000 ms
    [root@jb etc]# pin -c1 weather.gov

    [root@jb etc]# ping -c1 weather.gov
    PING weather.gov (140.90.113.200) 56(84) bytes of data.
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=1 ttl=51
    time=6.05 ms...





    --
    UNIX is not user-unfriendly; it merely
    expects users to be computer-friendly.

  12. Re: OpenDNS nameservers -- Opinions Sought

    On Tue, 19 Feb 2008 23:28:15 GMT, Jim Beard wrote:
    >
    > See below. All worked,


    So, with opendns servers loaded did your weather site still fail?

    > though OpenDNS was slightly slower.


    Yes, pings will vary based on traffic load.

    You can speed up pings by using ip addy instead of name.

  13. Re: OpenDNS nameservers -- Opinions Sought

    On 2008-02-19, Jim Beard wrote:
    > Whiskers wrote:
    >> On 2008-02-19, Jim Beard wrote:
    >>> On Tue, 19 Feb 2008 01:56:18 +0000, Bit Twister wrote:
    >>>> On Tue, 19 Feb 2008 01:26:27 GMT, Jim Beard wrote:


    [...]

    >> Looks to me as though you have set up Mandriva (when creating your network
    >> settings via MCC?) to use your 'router' as the primary DNS server. Does
    >> it actually function as one? What DNS servers is the router using?

    >
    > Yes, the router (D-Link DI624) handles DNS. It uses the Verizon
    > DNS servers.


    Are you sure that your router functions as a DNS server? If the DNS IP
    numbers in the setup interface are under the DHCP settings, then I think
    that just means that local computers getting a DHCP connection from your
    router will be told to use those IP numbers in their own resolving setup.
    In that case, if you set up your computer to use the router as a DNS
    server, that will fail and whatever the second or third DNS server is in
    your computer's setup will be resorted to. That could account for
    'slowness'.

    [...]

    >> Here's my resolv.conf as created by 'something in Mandriva':
    >>
    >> [mark@tavy ~]$ cat /etc/resolv.conf
    >> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
    >> resolvconf(8)
    >> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    >> nameserver 208.67.222.222
    >> nameserver 208.67.220.222
    >> [mark@tavy ~]$
    >>
    >> Notice that the difference between those two IP addresses is in the
    >> penultimate triplet, not in the last one.
    >>

    > [The OpenDNS] nameservers are 208.67.222.222 and 208.67.220.220,
    > according to their website instructions. The two I used earlier
    > were from BitTwister, and I may have mistyped something. Or,
    > OpenDNS may have more addresses than listed in any one place. But
    > my top one was correct in any case. Should have worked.
    >
    > Cheers!


    I just looked and you're right, there was a typo in the setup of my router
    so it was telling my computer the wrong IP number for the second DNS
    server. Having re-started my computer's wifi connection, it's resolv.conf
    has been updated )

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  14. Re: OpenDNS nameservers -- Opinions Sought

    Whiskers wrote:
    > Are you sure that your router functions as a DNS server? If the DNS IP
    > numbers in the setup interface are under the DHCP settings, then I think
    > that just means that local computers getting a DHCP connection from your
    > router will be told to use those IP numbers in their own resolving setup.
    > In that case, if you set up your computer to use the router as a DNS
    > server, that will fail and whatever the second or third DNS server is in
    > your computer's setup will be resorted to. That could account for
    > 'slowness'.


    The only thing set as a nameserver anywhere on my system was
    nameserver 192.168.0.1, my router's LAN address. I looked at
    resolv.conf, in the files under resolvconf, and in the files below
    /var/run/resolvconf/ and /var/spool/postfix/etc/. In addition,
    I just did a grep -R for 192 and separately for IPADD in
    /etc/sysconfig and got nothing except references to resolv.conf.

    If the router were caching the addresses, that would make a
    difference but when I shifted to 4.2.2.1 and immediately did a
    ping -c1 weather.gov I still got a response in under 6 ms,
    whereas OpenDNS took 53 ms. FWIW, I just did a ping -c1 yahoo.com
    which is a server I do not use, and that returned in 2.96 ms.
    Seems Verizon nameservers serving my machine are _real_ fast.
    They have to be caching, but then, I would expect OpenDNS to be
    doing so, too.

    Cheers!

    jim b.

    --
    UNIX is not user-unfriendly; it merely
    expects users to be computer-friendly.

  15. Re: [ OT ] OpenDNS nameservers -- Opinions Sought

    On Wed, 20 Feb 2008 22:35:52 GMT, Jim Beard wrote:
    >


    > If the router were caching the addresses, that would make a
    > difference but when I shifted to 4.2.2.1 and immediately did a
    > ping -c1 weather.gov I still got a response in under 6 ms,
    > whereas OpenDNS took 53 ms.



    > but then, I would expect OpenDNS to be doing so, too.


    To prove your OpenDNS caching theory, set OpenDNS server in /etc/resolv.conf
    ping -c1 weather.gov should be slow, quick up arrow, return, to run
    ping -c1 weather.gov should be fast :-)

    You can use "dig" to see how fast a DNS server is.

    Still wondering if your weather page is broke under OpenDNS.


  16. Re: [ OT ] OpenDNS nameservers -- Opinions Sought

    On Wed, 20 Feb 2008 23:08:18 +0000, Bit Twister wrote:
    > You can use "dig" to see how fast a DNS server is.
    >
    > Still wondering if your weather page is broke under OpenDNS.


    All seems to be working today. There definitely is some caching
    involved, though.

    I ran dig queries against www.pipes.org yahoo.com and weather.gov
    for 208.67.222.222 208.67.220.220 192.168.0.1 and 4.2.2.1

    Longest query time was 82 ms to pipes.org, with 4.2.2.1 coming in
    at 43 ms on its slowest response. On weather.gov, all had a query
    time of under 7 ms. Overall 4.2.2.1 had the shortest query times,
    with 192.168.0.1 about 1 ms longer and the OpenDNS servers
    maybe 1 ms longer than that. 4 ms, 5 ms, 6 ms, more or less,
    respectively.

    Aterm/Eterm does not cut/paste nicely, and I forget
    I needed to load an x-term so you do not get the details. When
    I did shift to an x-term, all three DNS serserv were running mostly
    6 ms or less.

    Cheers!

    jim b.



    --

  17. Re: [ OT ] OpenDNS nameservers -- Opinions Sought

    On Wed, 20 Feb 2008 23:08:18 +0000, Bit Twister wrote:

    > On Wed, 20 Feb 2008 22:35:52 GMT, Jim Beard wrote:
    >>
    >>
    >> If the router were caching the addresses, that would make a difference
    >> but when I shifted to 4.2.2.1 and immediately did a ping -c1
    >> weather.gov I still got a response in under 6 ms, whereas OpenDNS took
    >> 53 ms.

    >
    >
    >> but then, I would expect OpenDNS to be doing so, too.

    >
    > To prove your OpenDNS caching theory, set OpenDNS server in
    > /etc/resolv.conf ping -c1 weather.gov should be slow, quick up
    > arrow, return, to run ping -c1 weather.gov should be fast :-)
    >
    > You can use "dig" to see how fast a DNS server is.
    >
    > Still wondering if your weather page is broke under OpenDNS.


    Using OpenDNS:
    [root@localhost etc]# ping weather.gov
    PING weather.gov (140.90.113.200) 56(84) bytes of data.
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=1 ttl=51 time=6.15 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=2 ttl=51 time=6.05 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=3 ttl=51 time=6.00 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=4 ttl=51 time=5.90 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=5 ttl=51 time=5.99 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=6 ttl=51 time=6.05 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=7 ttl=51 time=6.07 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=8 ttl=51 time=6.07 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=9 ttl=51 time=5.95 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=10 ttl=51 time=6.33 ms

    Back to router as nameserver:
    --- weather.gov ping statistics ---
    10 packets transmitted, 10 received, 0% packet loss, time 9000ms
    rtt min/avg/max/mdev = 5.909/6.058/6.335/0.145 ms
    [root@localhost etc]# vi resolv.conf
    [root@localhost etc]# ping weather.gov
    PING weather.gov (140.90.113.200) 56(84) bytes of data.
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=1 ttl=51 time=6.16 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=2 ttl=51 time=6.03 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=3 ttl=51 time=6.09 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=4 ttl=51 time=6.17 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=5 ttl=51 time=6.13 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=6 ttl=51 time=6.03 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=7 ttl=51 time=5.94 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=8 ttl=51 time=6.40 ms
    64 bytes from nws.noaa.gov (140.90.113.200): icmp_seq=9 ttl=51 time=6.10 ms

    --- weather.gov ping statistics ---
    9 packets transmitted, 9 received, 0% packet loss, time 8000ms
    rtt min/avg/max/mdev = 5.946/6.120/6.401/0.149 ms
    [root@localhost etc]# urpmi kdebindings3-python/python-kde3
    No package named kdebindings3-python/python-kde3

    Today, OpenDNS looks a little better. Given the responses in
    favor of OpenDNS, looks like time to put it in and let it go for
    a while.

    --
    /home/jim/.signature

  18. Re: [ OT ] OpenDNS nameservers -- Opinions Sought

    On Thu, 21 Feb 2008 02:27:14 GMT, Jim Beard wrote:

    > Today, OpenDNS looks a little better. Given the responses in
    > favor of OpenDNS, looks like time to put it in and let it go for
    > a while.


    I would have to say the day you started this thread there were
    problems from your gateway and beyond, not with OpenDNS.

    Those ping time fluctuations are "normal network" variations.

  19. Re: OpenDNS nameservers -- Opinions Sought

    On 2008-02-20, Jim Beard wrote:
    > Whiskers wrote:
    >> Are you sure that your router functions as a DNS server? If the DNS IP
    >> numbers in the setup interface are under the DHCP settings, then I think
    >> that just means that local computers getting a DHCP connection from your
    >> router will be told to use those IP numbers in their own resolving setup.
    >> In that case, if you set up your computer to use the router as a DNS
    >> server, that will fail and whatever the second or third DNS server is in
    >> your computer's setup will be resorted to. That could account for
    >> 'slowness'.

    >
    > The only thing set as a nameserver anywhere on my system was
    > nameserver 192.168.0.1, my router's LAN address.


    I don't think your router functions as a DNS server of any sort. So if
    your comnputer asks it to be one, it will fail and then your computer will
    have to fall back onto whatever else it finds in resolv.conf. That will
    introduce a noticeable delay. If at that moment there are no secondary
    entries in your resolv.conf you won't be able to lookup any DNS
    information so eg web pages will be 'unavailable'.

    If your LAN uses DHCP then each time your computer connects to the router,
    or the DHCP system 'refreshes', it will be told by the router what DNS
    server addresses to put into resolv.conf - over-writing anything else you
    might have had in there before.

    > I looked at
    > resolv.conf, in the files under resolvconf, and in the files below
    > /var/run/resolvconf/ and /var/spool/postfix/etc/. In addition,
    > I just did a grep -R for 192 and separately for IPADD in
    > /etc/sysconfig and got nothing except references to resolv.conf.
    >
    > If the router were caching the addresses, that would make a
    > difference but when I shifted to 4.2.2.1 and immediately did a
    > ping -c1 weather.gov I still got a response in under 6 ms,
    > whereas OpenDNS took 53 ms. FWIW, I just did a ping -c1 yahoo.com
    > which is a server I do not use, and that returned in 2.96 ms.
    > Seems Verizon nameservers serving my machine are _real_ fast.
    > They have to be caching, but then, I would expect OpenDNS to be
    > doing so, too.
    >
    > Cheers!
    >
    > jim b.


    I don't think ping is a useful indicator of how fast your DNS server is at
    responding to your requests - too many other factors effect the response
    of ping, not least the performance and settings of the target of the ping.
    I would suggest that dig will tell you how quick the DNS server itself is.
    (If the target machine is set to drop all ping requests, you'll get no
    response at all, of course).

    I just got a dig yahoo.com query back from OpenDNS in 31ms (which isn't too
    bad for a transatlantic connection during office hours). That feels
    instantaneous to me. Pinging yahoo.com gets a round-trip time of about
    188ms - and so does pinging 66.94.234.13 thus eliminating any DNS element
    at all in the response of the ping.

    (My internet connection is rate-adaptive DSL; "up to" 8Mbps download,
    512kbps dowload, but usually well below that speed).

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  20. Re: OpenDNS nameservers -- Opinions Sought

    Whiskers wrote:
    > I don't think your router functions as a DNS server of any sort. So if
    > your comnputer asks it to be one, it will fail and then your computer will
    > have to fall back onto whatever else it finds in resolv.conf. That will
    > introduce a noticeable delay. If at that moment there are no secondary
    > entries in your resolv.conf you won't be able to lookup any DNS
    > information so eg web pages will be 'unavailable'.


    The router has a place in the configuration gui to insert dnsserver
    addresses (optional), and a button to click to enable or disable dns
    relay. The addresses are left blank and the router is set for dns
    relay enabled. If the router were not getting involved, I would
    expect a straight passthrough (dns relay disabled).

    Just for grins, I ran dig with no arguments, when 192.168.0.1 was
    the only thing in resolv.conf. I am not quite sure what to make of
    the response, but perhaps you can sort it. Note that the SERVER
    is identified at the bottom as 192.168.0.1.

    [jim@localhost etc]$ dig

    ; <<>> DiG 9.5.0b2 <<>>
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9541
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14

    ;; QUESTION SECTION:
    ;. IN NS

    ;; ANSWER SECTION:
    .. 40105 IN NS I.ROOT-SERVERS.NET.
    .. 40105 IN NS J.ROOT-SERVERS.NET.
    .. 40105 IN NS K.ROOT-SERVERS.NET.
    .. 40105 IN NS L.ROOT-SERVERS.NET.
    .. 40105 IN NS M.ROOT-SERVERS.NET.
    .. 40105 IN NS A.ROOT-SERVERS.NET.
    .. 40105 IN NS B.ROOT-SERVERS.NET.
    .. 40105 IN NS C.ROOT-SERVERS.NET.
    .. 40105 IN NS D.ROOT-SERVERS.NET.
    .. 40105 IN NS E.ROOT-SERVERS.NET.
    .. 40105 IN NS F.ROOT-SERVERS.NET.
    .. 40105 IN NS G.ROOT-SERVERS.NET.
    .. 40105 IN NS H.ROOT-SERVERS.NET.

    ;; ADDITIONAL SECTION:
    J.ROOT-SERVERS.NET. 531725 IN A 192.58.128.30
    J.ROOT-SERVERS.NET. 126647 IN AAAA 2001:503:c27::2:30
    K.ROOT-SERVERS.NET. 540676 IN A 193.0.14.129
    K.ROOT-SERVERS.NET. 540676 IN AAAA 2001:7fd::1
    L.ROOT-SERVERS.NET. 531725 IN A 199.7.83.42
    M.ROOT-SERVERS.NET. 531725 IN A 202.12.27.33
    M.ROOT-SERVERS.NET. 126647 IN AAAA 2001:dc3::35
    A.ROOT-SERVERS.NET. 597289 IN A 198.41.0.4
    A.ROOT-SERVERS.NET. 597289 IN AAAA 2001:503:ba3e::2:30
    B.ROOT-SERVERS.NET. 597289 IN A 192.228.79.201
    C.ROOT-SERVERS.NET. 597289 IN A 192.33.4.12
    D.ROOT-SERVERS.NET. 597289 IN A 128.8.10.90
    E.ROOT-SERVERS.NET. 597289 IN A 192.203.230.10
    F.ROOT-SERVERS.NET. 597289 IN A 192.5.5.241

    ;; Query time: 5 msec
    ;; SERVER: 192.168.0.1#53(192.168.0.1)
    ;; WHEN: Thu Feb 21 17:12:06 2008
    ;; MSG SIZE rcvd: 500

    >
    > If your LAN uses DHCP then each time your computer connects to the router,
    > or the DHCP system 'refreshes', it will be told by the router what DNS
    > server addresses to put into resolv.conf - over-writing anything else you
    > might have had in there before.


    My computers do use DHCP, but the only address that ever appears in
    resolv.conf (other than the ones I enter by hand) is 192.168.0.1.

    >> If the router were caching the addresses, that would make a
    >> difference but when I shifted to 4.2.2.1 and immediately did a
    >> ping -c1 weather.gov I still got a response in under 6 ms,
    >> whereas OpenDNS took 53 ms. FWIW, I just did a ping -c1 yahoo.com
    >> which is a server I do not use, and that returned in 2.96 ms.
    >> Seems Verizon nameservers serving my machine are _real_ fast.
    >> They have to be caching, but then, I would expect OpenDNS to be
    >> doing so, too.


    I tried using the OpenDNS servers earlier this evening, and an
    attempt to get to my home banking was slower than molasses in
    January, or February. Minutes to get in. Then seconds by the score
    to move between pages. I switched back to the router address in
    resolv.conf, and everything moves along briskly.

    There are, I think, a couple of things involved here. One is
    caching. Second, I have a feeling that the Home Banking server
    may be watching the header data on incoming packets. When I did get
    in using OpenDNS, the first thing that happened was I had to answer
    the questions used to validate my loging when using a computer other
    than one I normally use. This could be a result of my using a new
    Beta kernel, I suppose, but it may be that the server is watching
    the originating addresses.

    Another factor is (I assume) that the DNS machine watches and blocks
    ad servers, malware servers, etc, on a packet by packet (or maybe
    session) basis. Just checking those addresses will
    take some amount of time, and if caching is involved at this point,
    that would be one more place where things could slow down.

    So, for a valid comparison, I would have to use OpenDNS for several
    days to see if it starts caching the addys I need, and if the servers
    I use start responding more promptly to recognized points/paths of
    origin. A pain in the posterior, as OpenDNS currently is ok part
    of the time, but part of the time it flat out s*cks.

    On the plus side, using OpenDNS this evening, the ads I find most
    obnoxious in the WSJ pages (the animated flashing things -- I despise
    them; have to keep switching between all java off to stop it, and
    turning java-script on to forward articles now and then) did not
    appear. I suspect they were blocked by OpenDNS (Yea!). I did get
    ads in their place, but static ones. Much easier to tolerate.

    > I don't think ping is a useful indicator of how fast your DNS server is at
    > responding to your requests - too many other factors effect the response
    > of ping, not least the performance and settings of the target of the ping.
    > I would suggest that dig will tell you how quick the DNS server itself is.
    > (If the target machine is set to drop all ping requests, you'll get no
    > response at all, of course).


    I did use dig a bit. Using my router, and the Verizon nameservers,
    both delivered query times of around 5 ms, give or take a ms or so,
    with a rare exception in the 30-45 ms range. OpenDNS at its best was
    in the 6 ms range, but query time between 45 and 60 ms was common,
    and it took 82 or 83 ms for one site located on the Left Coast.
    >
    > I just got a dig yahoo.com query back from OpenDNS in 31ms (which isn't too
    > bad for a transatlantic connection during office hours). That feels
    > instantaneous to me. Pinging yahoo.com gets a round-trip time of about
    > 188ms - and so does pinging 66.94.234.13 thus eliminating any DNS element
    > at all in the response of the ping.



    ; <<>> DiG 9.4.1-P1 <<>> yahoo.com
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65441
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;yahoo.com. IN A

    ;; ANSWER SECTION:
    yahoo.com. 204 IN A 216.109.112.135
    yahoo.com. 204 IN A 66.94.234.13

    ;; Query time: 13 msec
    ;; SERVER: 192.168.0.1#53(192.168.0.1)
    ;; WHEN: Thu Feb 21 19:56:59 2008
    ;; MSG SIZE rcvd: 59

    [jim@jb jim]$ ping 66.94.234.13
    PING 66.94.234.13 (66.94.234.13) 56(84) bytes of data.
    64 bytes from 66.94.234.13: icmp_seq=1 ttl=54 time=89.7 ms
    64 bytes from 66.94.234.13: icmp_seq=2 ttl=53 time=89.7 ms
    64 bytes from 66.94.234.13: icmp_seq=3 ttl=53 time=89.5 ms

    As you can see from the above, fiber to the home in my case
    does deliver better speed. It probably helps that I live
    near MAE-East. (Maybe when I die, I will get to live near
    Mae West. What think you? But I would be willing to settle
    for Dorothy Parker.)

    > (My internet connection is rate-adaptive DSL; "up to" 8Mbps download,
    > 512kbps dowload, but usually well below that speed).

    FIOS (fiber to the outside wall of the house) 5 MB down, maybe 2 up.

    Cheers!

    jim b.

    --
    UNIX is not user-unfriendly; it merely
    expects users to be computer-friendly.

+ Reply to Thread
Page 2 of 3 FirstFirst 1 2 3 LastLast