OpenDNS nameservers -- Opinions Sought - Mandriva


Thread: OpenDNS nameservers -- Opinions Sought

  1. Re: OpenDNS nameservers -- Opinions Sought

    On Fri, 22 Feb 2008 01:14:04 GMT, Jim Beard wrote:


    > My computers do use DHCP, but the only address that ever appears in
    > resolv.conf (other than the ones I enter by hand) is 192.168.0.1.


    As a rule, the dhcp server sends in what DNS server(s) to use.


    > I tried using the OpenDNS servers earlier this evening, and an
    > attempt to get to my home banking was slower than molasses in
    > January, or February. Minutes to get in. Then seconds by the score
    > to move between pages. I switched back to the router address in
    > resolv.conf, and everything moves along briskly.


    I would like you to run the test again, but switch back to opendns
    to verify the visible slowness shows back up.



    > There are, I think, a couple of things involved here. One is
    > caching. Second, I have a feeling that the Home Banking server
    > may be watching the header data on incoming packets. When I did get
    > in using OpenDNS, the first thing that happened was I had to answer
    > the questions used to validate my login when using a computer other
    > than one I normally use.


    Yep, my bank's page will store a cookie with my Internet ip address
    and I will get the same kind of warning plus an email to use to get
    back into my account.


    > Another factor is (I assume) that the DNS machine watches and blocks
    > ad servers, malware servers, etc, on a packet by packet (or maybe
    > session) basis.


    It would be the ip address of the ad.

    > Just checking those addresses will
    > take some amount of time, and if caching is involved at this point,
    > that would be one more place where things could slow down.


    That is what I do not understand. I ran all the urls you gave and none
    of them were slow.


    > So, for a valid comparison, I would have to use OpenDNS for several
    > days to see if it starts caching the addys I need, and if the servers
    > I use start responding more promptly to recognized points/paths of
    > origin. A pain in the posterior, as OpenDNS currently is ok part
    > of the time, but part of the time it flat out s*cks.


    Next time you have the slow problem, I would like to work with you on
    the problem. If you have/get a skype account, I can stay logged into skype
    and we can troubleshoot the problem a little bit in real time if you
    like. Just give me your skype id and I'll watch for you.


    > On the plus side, using OpenDNS this evening, the ads I find most
    > obnoxious in the WSJ pages (the animated flashing things -- I despise
    > them; have to keep switching between all java off to stop it, and
    > turning java-script on to forward articles now and then) did not
    > appear. I suspect they were blocked by OpenDNS (Yea!). I did get
    > ads in their place, but static ones. Much easier to tolerate.


    If you install privoxy, you may be able to improve your surfing
    experience all around.

    click up a terminal

    su - root
    urpmi --wget privoxy --auto
    exit
    exit

    In firefox,
    Edit->Preference->Advanced
    Click Network tab
    Connection
    Settings button

    click Manual proxy configuration:
    HTTP Proxy: 127.0.0.1 Port: 8118
    SSL Proxy: 127.0.0.1 Port: 8118
    Click OK
    Click Close


  2. Re: OpenDNS nameservers -- Opinions Sought

    On 2008-02-22, Jim Beard wrote:
    > Whiskers wrote:
    >> I don't think your router functions as a DNS server of any sort. So if
    >> your computer asks it to be one, it will fail and then your computer will
    >> have to fall back onto whatever else it finds in resolv.conf. That will
    >> introduce a noticeable delay. If at that moment there are no secondary
    >> entries in your resolv.conf you won't be able to lookup any DNS
    >> information so eg web pages will be 'unavailable'.

    >
    > The router has a place in the configuration gui to insert dnsserver
    > addresses (optional), and a button to click to enable or disable dns
    > relay. The addresses are left blank and the router is set for dns
    > relay enabled. If the router were not getting involved, I would
    > expect a straight passthrough (dns relay disabled).


    I'd be interested to know what 'dns relay' means in that context. I
    suspect that it means that whenever a computer on your LAN directs a DNS
    query to your router, the router relays that request to your ISP's DNS
    server(s). If you enter the DNS server addresses you want to use and turn
    off 'relay', then the router will use the specified DNS servers for its own
    purposes and tell any DHCP clients on your LAN to use those same servers
    in resolv.conf. In neither case is your router functioning as a DNS
    server itself (although enabling DNS Relay will make it look as though it
    is).

    I've never used a 'static' setup for my LAN so I haven't looked into the
    DNS arrangements for that.

    > Just for grins, I ran dig with no arguments, when 192.168.0.1 was
    > the only thing in resolv.conf. I am not quite sure what to make of
    > the response, but perhaps you can sort it. Note that the SERVER
    > is identified at the bottom as 192.168.0.1.
    >
    > [jim@localhost etc]$ dig


    [...]

    Doing that, I get

    $ dig

    ; <<>> DiG 9.4.1-P1 <<>>
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16290
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;. IN NS

    ;; ANSWER SECTION:
    . 518377 IN NS M.ROOT-SERVERS.NET.
    . 518377 IN NS A.ROOT-SERVERS.NET.
    . 518377 IN NS B.ROOT-SERVERS.NET.
    . 518377 IN NS C.ROOT-SERVERS.NET.
    . 518377 IN NS D.ROOT-SERVERS.NET.
    . 518377 IN NS E.ROOT-SERVERS.NET.
    . 518377 IN NS F.ROOT-SERVERS.NET.
    . 518377 IN NS G.ROOT-SERVERS.NET.
    . 518377 IN NS H.ROOT-SERVERS.NET.
    . 518377 IN NS I.ROOT-SERVERS.NET.
    . 518377 IN NS J.ROOT-SERVERS.NET.
    . 518377 IN NS K.ROOT-SERVERS.NET.
    . 518377 IN NS L.ROOT-SERVERS.NET.

    ;; Query time: 34 msec
    ;; SERVER: 208.67.222.222#53(208.67.222.222)
    ;; WHEN: Fri Feb 22 12:30:39 2008
    ;; MSG SIZE rcvd: 228



    >>
    >> If your LAN uses DHCP then each time your computer connects to the router,
    >> or the DHCP system 'refreshes', it will be told by the router what DNS
    >> server addresses to put into resolv.conf - over-writing anything else you
    >> might have had in there before.

    >
    > My computers do use DHCP, but the only address that ever appears in
    > resolv.conf (other than the ones I enter by hand) is 192.168.0.1.


    That'll be the effect of enabling 'DNS Relay' in the router setup, I
    expect. You'll actually be using the DNS servers provided by your ISP.

    >>> If the router were caching the addresses, that would make a
    >>> difference but when I shifted to 4.2.2.1 and immediately did a
    >>> ping -c1 weather.gov I still got a response in under 6 ms,
    >>> whereas OpenDNS took 53 ms. FWIW, I just did a ping -c1 yahoo.com
    >>> which is a server I do not use, and that returned in 2.96 ms.
    >>> Seems Verizon nameservers serving my machine are _real_ fast.
    >>> They have to be caching, but then, I would expect OpenDNS to be
    >>> doing so, too.


    A DNS server only caches its list of domain name to IP number conversions,
    it doesn't have anything to do with the actual content of anywhere you
    might visit on the internet.

    Your ISP might have a caching proxy web server providing its customers a
    quicker access to popular web pages, but that's a different matter - and
    'secure' pages such as your bank's login and account information etc will
    never be cached.

    > I tried using the OpenDNS servers earlier this evening, and an
    > attempt to get to my home banking was slower than molasses in
    > January, or February. Minutes to get in. Then seconds by the score
    > to move between pages. I switched back to the router address in
    > resolv.conf, and everything moves along briskly.


    That sort of delay is far too long for DNS lookups to have anything to do
    with it.

    > There are, I think, a couple of things involved here. One is
    > caching. Second, I have a feeling that the Home Banking server
    > may be watching the header data on incoming packets. When I did get
    > in using OpenDNS, the first thing that happened was I had to answer
    > the questions used to validate my login when using a computer other
    > than one I normally use. This could be a result of my using a new
    > Beta kernel, I suppose, but it may be that the server is watching
    > the originating addresses.


    The headers on the packets coming from your computer won't tell the bank
    which DNS server you used to get the IP number you used to get to the
    bank's server.

    But if you use a DNS server that gives you the 'wrong' IP numbers, then
    that suggests that your bank has a problem with its own DNS arrangements
    (for telling the public DNS servers what IP number matches the domain
    names in use). Or perhaps even deliberately arranges for OpenDNS to get a
    duff IP number so as to discourage customers from using that service? Or
    OpenDNS have instigated their own re-direct for your bank's domain?
    Perhaps asking OpenDNS and your bank to comment would be interesting.

    > Another factor is (I assume) that the DNS machine watches and blocks
    > ad servers, malware servers, etc, on a packet by packet (or maybe
    > session) basis. Just checking those addresses will
    > take some amount of time, and if caching is involved at this point,
    > that would be one more place where things could slow down.


    I'm not sure you've quite grasped what OpenDNS, or any DNS server, actually
    does.

    I doubt if OpenDNS inspects any of the packets between your computer and
    any other computer apart from theirs. Once a DNS server has told your
    computer which IP number to use for a given domain name the DNS server is
    no longer involved at all - the traffic goes between you and your bank, the
    DNS server doesn't see any of it. Use a packet sniffer to get a look at
    the conversations your computer has when you visit a web site.

    > So, for a valid comparison, I would have to use OpenDNS for several
    > days to see if it starts caching the addys I need, and if the servers
    > I use start responding more promptly to recognized points/paths of
    > origin. A pain in the posterior, as OpenDNS currently is ok part
    > of the time, but part of the time it flat out s*cks.


    Unless different DNS servers are being told to associate different IP
    numbers with particular domain names, your bank has no way of knowing
    which DNS servers you are using.

    > On the plus side, using OpenDNS this evening, the ads I find most
    > obnoxious in the WSJ pages (the animated flashing things -- I despise
    > them; have to keep switching between all java off to stop it, and
    > turning java-script on to forward articles now and then) did not
    > appear. I suspect they were blocked by OpenDNS (Yea!). I did get
    > ads in their place, but static ones. Much easier to tolerate.


    Java and javascript aren't the same thing. Unless you've told OpenDNS to
    block a specific URL or IP number, they won't. I'd suspect a change in
    the embedded adverts in the WSJ pages between your visits.

    I normally browse using Opera, with Java, javascript, plugins, and images,
    all disabled. Saves a lot of time and annoyance! Visiting
    in that way is a very different
    experience (far quicker, for a start) to what I get with everything turned
    on - when in fact the page never loads fully. Opera does successfully
    block content on that page from burstnet and doubleclick, which I can see
    if I fire up Firefox. Try going there with Dillo and Lynx

    >> I don't think ping is a useful indicator of how fast your DNS server is at
    >> responding to your requests - too many other factors affect the response
    >> of ping, not least the performance and settings of the target of the ping.
    >> I would suggest that dig will tell you how quick the DNS server itself is.
    >> (If the target machine is set to drop all ping requests, you'll get no
    >> response at all, of course).

    >
    > I did use dig a bit. Using my router, and the Verizon nameservers,
    > both delivered query times of around 5 ms, give or take a ms or so,
    > with a rare exception in the 30-45 ms range. OpenDNS at its best was
    > in the 6 ms range, but query time between 45 and 60 ms was common,
    > and it took 82 or 83 ms for one site located on the Left Coast.


    Any of those times would seem pretty 'instant'; 100ms is one tenth of a
    second. 5ms is one two-hundredth of a second - and I don't think I've ever
    seen a DNS lookup as fast as that; even using my ISP's DNS server 25ms
    would be unusually quick.

    >> I just got a dig yahoo.com query back from OpenDNS in 31ms (which isn't too
    >> bad for a transatlantic connection during office hours). That feels
    >> instantaneous to me. Pinging yahoo.com gets a round-trip time of about
    >> 188ms - and so does pinging 66.94.234.13 thus eliminating any DNS element
    >> at all in the response of the ping.

    >
    >
    > ; <<>> DiG 9.4.1-P1 <<>> yahoo.com
    > ;; global options: printcmd
    > ;; Got answer:
    > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65441
    > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    >
    > ;; QUESTION SECTION:
    > ;yahoo.com. IN A
    >
    > ;; ANSWER SECTION:
    > yahoo.com. 204 IN A 216.109.112.135
    > yahoo.com. 204 IN A 66.94.234.13
    >
    > ;; Query time: 13 msec
    > ;; SERVER: 192.168.0.1#53(192.168.0.1)
    > ;; WHEN: Thu Feb 21 19:56:59 2008
    > ;; MSG SIZE rcvd: 59
    >
    > [jim@jb jim]$ ping 66.94.234.13
    > PING 66.94.234.13 (66.94.234.13) 56(84) bytes of data.
    > 64 bytes from 66.94.234.13: icmp_seq=1 ttl=54 time=89.7 ms
    > 64 bytes from 66.94.234.13: icmp_seq=2 ttl=53 time=89.7 ms
    > 64 bytes from 66.94.234.13: icmp_seq=3 ttl=53 time=89.5 ms
    >
    > As you can see from the above, fiber to the home in my case
    > does deliver better speed. It probably helps that I live
    > near MAE-East.


    Show-off )

    > (Maybe when I die, I will get to live near
    > Mae West. What think you? But I would be willing to settle
    > for Dorothy Parker.)


    Careful, with modern computerised bureaucracy you could end up with Charley
    Parker or a mouldy life-jacket.

    [...]

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~
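
Added example, not part of any post in this thread: the post above argues that dig's own "Query time" and "SERVER" lines, not ping, are what measure a resolver, and that a resolver-level redirect would show up as different IP numbers for the same name. This Python sketch parses two saved dig outputs and compares them; the first capture is the yahoo.com output posted in the thread, while the second capture, its resolver address 198.51.100.53 and the answer 192.0.2.10 are constructed placeholders from documentation address ranges.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# dig output for yahoo.com as posted in the thread (LAN router as resolver).
DIG_ROUTER = """\
; <<>> DiG 9.4.1-P1 <<>> yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65441
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;yahoo.com. IN A

;; ANSWER SECTION:
yahoo.com. 204 IN A 216.109.112.135
yahoo.com. 204 IN A 66.94.234.13

;; Query time: 13 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Thu Feb 21 19:56:59 2008
;; MSG SIZE rcvd: 59
"""

# CONSTRUCTED sample (not from the thread): the same query sent to a second,
# hypothetical resolver whose answer set differs by one address.
DIG_SECOND = """\
; <<>> DiG 9.4.1-P1 <<>> @198.51.100.53 yahoo.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
yahoo.com. 300 IN A 66.94.234.13
yahoo.com. 300 IN A 192.0.2.10

;; Query time: 31 msec
;; SERVER: 198.51.100.53#53(198.51.100.53)
"""


@dataclass
class DigResult:
    status: str = ""
    server: str = ""
    query_ms: Optional[int] = None
    # (owner name, record type) -> rdata strings seen in the ANSWER section
    answers: Dict[Tuple[str, str], Set[str]] = field(default_factory=dict)

    def rdata(self, rtype: str = "A") -> Set[str]:
        """All rdata values of one record type, regardless of owner name."""
        out: Set[str] = set()
        for (_, t), values in self.answers.items():
            if t == rtype:
                out |= values
        return out


def parse_dig(text: str) -> DigResult:
    """Extract status, resolver, query time and ANSWER records from dig text."""
    res = DigResult()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # blank line ends the current section
            section = None
            continue
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
            continue
        if line.startswith(";"):          # comment / metadata lines
            m = re.search(r"status: (\w+)", line)
            if m:
                res.status = m.group(1)
            m = re.match(r";; Query time: (\d+) msec", line)
            if m:
                res.query_ms = int(m.group(1))
            m = re.match(r";; SERVER: ([^#\s]+)#\d+", line)
            if m:
                res.server = m.group(1)
            continue
        if section == "ANSWER":           # "name ttl class type rdata..."
            parts = line.split()
            if len(parts) >= 5:
                key = (parts[0].lower(), parts[3])
                res.answers.setdefault(key, set()).add(" ".join(parts[4:]))
    return res


def compare(a: DigResult, b: DigResult, rtype: str = "A") -> dict:
    """Compare two resolvers' answers for one record type.

    A difference is a prompt to investigate, not proof of redirection:
    large sites legitimately rotate or geo-distribute their addresses.
    """
    ra, rb = a.rdata(rtype), b.rdata(rtype)
    return {
        "same_answers": ra == rb,
        "common": sorted(ra & rb),
        "only_first": sorted(ra - rb),
        "only_second": sorted(rb - ra),
        "query_ms": {a.server: a.query_ms, b.server: b.query_ms},
    }


if __name__ == "__main__":
    report = compare(parse_dig(DIG_ROUTER), parse_dig(DIG_SECOND))
    for key, value in report.items():
        print(f"{key}: {value}")
```
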

  3. Re: OpenDNS nameservers -- Opinions Sought

    On Fri, 22 Feb 2008 01:31:26 +0000, Bit Twister wrote:

    > On Fri, 22 Feb 2008 01:14:04 GMT, Jim Beard wrote:
    >> My computers do use DHCP, but the only address that ever appears in
    >> resolv.conf (other than the ones I enter by hand) is 192.168.0.1.

    >
    > As a rule, the dhcp server sends in what DNS server(s) to use.
    >

    My D-Link DI-624 appears to be an exception.
    >
    >> I tried using the OpenDNS servers earlier this evening, and an attempt
    >> to get to my home banking was slower than molasses in January, or
    >> February. Minutes to get in. Then seconds by the score to move
    >> between pages. I switched back to the router address in resolv.conf,
    >> and everything moves along briskly.

    >
    > I would like you to run the test again, but switch back to opendns to
    > verify the visible slowness shows back up.
    >

    Well, I am back to OpenDNS this morning, and machine response
    is not as snappy as I am accustomed to, but it is tolerable.
    >
    >> There are, I think, a couple of things involved here. One is caching.
    >> Second, I have a feeling that the Home Banking server may be watching


    > Yep, my bank's page will store a cookie with my Internet ip address and
    > I will get the same kind of warning plus an email to use to get back
    > into my account.
    >
    >
    >> Another factor is (I assume) that the DNS machine watches and blocks ad
    >> servers, malware servers, etc, on a packet by packet (or maybe session)
    >> basis.

    >
    > It would be the ip address of the ad.
    >
    >> Just checking those addresses will
    >> take some amount of time, and if caching is involved at this point,
    >> that would be one more place where things could slow down.

    >
    > That is what I do not understand. I ran all the urls you gave and none
    > of them were slow.
    >

    Perhaps they had gone into cache and were still there?
    >
    >> So, for a valid comparison, I would have to use OpenDNS for several
    >> days to see if it starts caching the addys I need, and if the servers I
    >> use start responding more promptly to recognized points/paths of
    >> origin. A pain in the posterior, as OpenDNS currently is ok part of
    >> the time, but part of the time it flat out s*cks.

    >
    > Next time you have the slow problem, I would like to work with you on
    > the problem. If you have/get a skype account, I can stay logged into
    > skype and we can troubleshoot the problem a little bit in real time if
    > you like. Just give me your skype id and I'll watch for you.
    >

    I don't have the skype account, and do not have a microphone set up
    on this machine. For the moment, with things working in acceptable
    fashion, I do not think we have trouble worth shooting. Should we
    need it, I can pass you my voice phone and then call back if you pay
    by the minute rather than monthly flat rate.
    >
    >> On the plus side, using OpenDNS this evening, the ads I find most
    >> obnoxious in the WSJ pages (the animated flashing things -- I despise
    >> them; have to keep switching between all java off to stop it, and
    >> turning java-script on to forward articles now and then) did not
    >> appear. I suspect they were blocked by OpenDNS (Yea!). I did get ads
    >> in their place, but static ones. Much easier to tolerate.

    >
    > If you install privoxy, you may be able to improve your surfing
    > experience all around.
    >

    Installed, but I must configure it. On first try it wanted a config
    file, and declared its absence a fatal error.

    Cheers!


  4. Re: OpenDNS nameservers -- Opinions Sought

    On Fri, 22 Feb 2008 16:08:21 GMT, Jim Beard wrote:
    > On Fri, 22 Feb 2008 01:31:26 +0000, Bit Twister wrote:
    >>
    >> As a rule, the dhcp server sends in what DNS server(s) to use.
    >>

    > My D-Link DI-624 appears to be an exception.


    Hence, "As a rule"
    if you set eth0 as dhcp (automatic) and resolv.conf gets router's ip
    then router's dhcp server did send DNS servers.

    If ISP's dns ips show up in resolv.conf router's dhcp server did send
    DNS server values. :-D

    >> That is what I do not understand. I ran all the urls you gave and none
    >> of them were slow.
    >>

    > Perhaps they had gone into cache and were still there?


    AH YES, but you can test that theory. Set resolv.conf as
    # nameserver router_ip_here
    nameserver opendns_ip_here

    First time browser bogs down,
    click up a root terminal
    kwrite /etc/resolv.conf &

    wait for browser page completion,
    Uncomment router_ip line
    Ctl s
    click refresh/reload on web page.
    Snaps right up, Ok,
    comment out router_ip_here
    Ctl s
    click refresh/reload on web page.


    >> you like. Just give me your skype id and I'll watch for you.
    >>

    > I don't have the skype account, and do not have a microphone set up
    > on this machine.


    Not a problem, skype has a chat/im type screen, no mic needed.
    I think I have been able to voice at someone without a mic and they
    chat'ed answers at me.


    > For the moment, with things working in acceptable
    > fashion, I do not think we have trouble worth shooting.


    >>
    >> If you install privoxy, you may be able to improve your surfing
    >> experience all around.
    >>

    > Installed, but I must configure it. On first try it wanted a config
    > file, and declared its absence a fatal error.


    Guess, I will have to uninstall, install to see the name of the config
    file.

    New rpm may have changed and I never see the problem because I copy in
    my custom changes hiding the problem from me.

  5. Re: OpenDNS nameservers -- Opinions Sought

    On Fri, 22 Feb 2008 13:58:18 +0000, Whiskers wrote:
    > On 2008-02-22, Jim Beard wrote:
    >> Whiskers wrote:

    W>>> I don't think your router functions as a DNS server of any sort.
    >>

    J>> The router has a place in the configuration gui to insert dnsserver
    >> addresses (optional), and a button to click to enable or disable dns
    >> relay.

    >

    W> I'd be interested to know what 'dns relay' means in that context. I
    > suspect that it means that whenever a computer on your LAN directs a DNS
    > query to your router, the router relays that request to your ISP's DNS
    > server(s). If you enter the DNS server addresses you want to use and
    > turn off 'relay', then the router will use the specified DNS servers for
    > its own purposes and tell any DHCP clients on your LAN to use those same
    > servers in resolv.conf. In neither case is your router functioning as a
    > DNS server itself (although enabling DNS Relay will make it look as
    > though it is).


    My guess is you have hit the nail on the head.

    >> Just for grins, I ran dig with no arguments, when 192.168.0.1 was the
    >> only thing in resolv.conf. I am not quite sure what to make of the
    >> response, but perhaps you can sort it. Note that the SERVER is
    >> identified at the bottom as 192.168.0.1.
    >>
    >> [jim@localhost etc]$ dig

    >
    > [...]
    >
    > Doing that, I get
    >
    > $ dig
    >
    > ; <<>> DiG 9.4.1-P1 <<>>
    > ;; global options: printcmd
    > ;; Got answer:
    > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16290
    > ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
    >
    > ;; QUESTION SECTION:
    > ;. IN NS
    >
    > ;; ANSWER SECTION:
    > . 518377 IN NS M.ROOT-SERVERS.NET.
    > . 518377 IN NS A.ROOT-SERVERS.NET.
    > . 518377 IN NS B.ROOT-SERVERS.NET.
    > . 518377 IN NS C.ROOT-SERVERS.NET.
    > . 518377 IN NS D.ROOT-SERVERS.NET.
    > . 518377 IN NS E.ROOT-SERVERS.NET.
    > . 518377 IN NS F.ROOT-SERVERS.NET.
    > . 518377 IN NS G.ROOT-SERVERS.NET.
    > . 518377 IN NS H.ROOT-SERVERS.NET.
    > . 518377 IN NS I.ROOT-SERVERS.NET.
    > . 518377 IN NS J.ROOT-SERVERS.NET.
    > . 518377 IN NS K.ROOT-SERVERS.NET.
    > . 518377 IN NS L.ROOT-SERVERS.NET.
    >
    > ;; Query time: 34 msec
    > ;; SERVER: 208.67.222.222#53(208.67.222.222)
    > ;; WHEN: Fri Feb 22 12:30:39 2008
    > ;; MSG SIZE rcvd: 228
    >

    It seems I got more IP addresses, and some numbers that were
    either IPv6 or MAC numbers or something. Why? I have no idea.

    J>> My computers do use DHCP, but the only address that ever appears in
    >> resolv.conf (other than the ones I enter by hand) is 192.168.0.1.

    >

    W> That'll be the effect of enabling 'DNS Relay' in the router setup, I
    > expect. You'll actually be using the DNS servers provided by your ISP.
    >

    W> A DNS server only caches its list of domain name to IP number
    > conversions, it doesn't have anything to do with the actual content of
    > anywhere you might visit on the internet.
    >

    W> Your ISP might have a caching proxy web server providing its customers a
    > quicker access to popular web pages, but that's a different matter - and
    > 'secure' pages such as your bank's login and account information etc
    > will never be cached.


    I had not thought of that, but my guess is that an outfit as large as
    Verizon would be doing exactly that. And its customer base in the
    Washington DC area would probably mean a lot of pages cached,
    by people with interests similar to mine.
    >

    J>> I tried using the OpenDNS servers earlier this evening, and an attempt
    >> to get to my home banking was slower than molasses in January,

    >

    W> That sort of delay is far too long for DNS lookups to have anything to
    > do with it.


    Unless misdirection were involved. The idea below about the site
    deliberately providing a "tailored" address to nonpreferred DNS
    servers could dump the connection into a "look at this one carefully"
    honeypot, and if the pot were full at the time that could slow things
    down dramatically.

    W> The headers on the packets coming from your computer won't tell the bank
    > which DNS server you used to get the IP number you used to get to the
    > bank's server.
    >

    W> But if you use a DNS server that gives you the 'wrong' IP numbers, then
    > that suggests that your bank has a problem with its own DNS
    > arrangements (for telling the public DNS servers what IP number matches
    > the domain names in use). Or perhaps even deliberately arranges for
    > OpenDNS to get a duff IP number so as to discourage customers from using
    > that service? Or OpenDNS have instigated their own re-direct for your
    > bank's domain? Perhaps asking OpenDNS and your bank to comment would be
    > interesting.
    >
    >> Another factor is (I assume) that the DNS machine watches and blocks ad
    >> servers, malware servers, etc, on a packet by packet (or maybe session)
    >> basis. Just checking those addresses will take some amount of time,
    >> and if caching is involved at this point, that would be one more place
    >> where things could slow down.

    >
    > I'm not sure you've quite grasped what OpenDNS, or any DNS server,
    > actually does.
    >
    > I doubt if OpenDNS inspects any of the packets between your computer and
    > any other computer apart from theirs. Once a DNS server has told your
    > computer which IP number to use for a given domain name the DNS server
    > is no longer involved at all - the traffic goes between you and your
    > bank, the DNS server doesn't see any of it. Use a packet sniffer to get
    > a look at the conversations your computer has when you visit a web site.


    I assumed that selectively blocking ads within a page required packet-by-
    packet inspection. If not, my understanding was wrong. ... I am going to
    have to learn how to use wireshark, but that is a topic for another time.
    >
    >> So, for a valid comparison, I would have to use OpenDNS for several
    >> days to see if it starts caching the addys I need, and if the servers I
    >> use start responding more promptly to recognized points/paths of
    >> origin. A pain in the posterior, as OpenDNS currently is ok part of
    >> the time, but part of the time it flat out s*cks.

    >
    > Unless different DNS servers are being told to associate different IP
    > numbers with particular domain names, your bank has no way of knowing
    > which DNS servers you are using.


    Possible. I do not know if it is being done, but banks and credit unions
    have been told to tighten up security, with little definitive guidance on
    how they should do it.

    >> On the plus side, using OpenDNS this evening, the ads I find most
    >> obnoxious in the WSJ pages (the animated flashing things -- I despise
    >> them; have to keep switching between all java off to stop it, and
    >> turning java-script on to forward articles now and then) did not
    >> appear. I suspect they were blocked by OpenDNS (Yea!). I did get ads
    >> in their place, but static ones. Much easier to tolerate.

    >
    > Java and javascript aren't the same thing. Unless you've told OpenDNS
    > to block a specific URL or IP number, they won't. I'd suspect a change
    > in the embedded adverts in the WSJ pages between your visits.


    Yes, I know j & js are entirely separate beasts, and I had not (still have not)
    told OpenDNS to block anything. The change in adverts between visits is
    possible, but a wholesale change from flashing animated things to static
    images is a pretty big change. Not something I would expect to happen
    on a day-to-day basis.

    > I normally browse using Opera, with Java, javascript, plugins, and
    > images, all disabled. Saves a lot of time and annoyance!


    Problem is, I sometimes wish to forward an item, and javascript (and
    maybe java as well) have to be turned on to do that. Turning off
    things does diminish utility to some extent, and the bother of switching
    back and forth is a bother.

    The sites play on that, of course, to keep you looking at what they
    prefer you to see. If I were younger, perhaps I would simply be
    accustomed to it from exposure while in the cradle, but I had to
    learn to tolerate TV ads after age 7 and I do not do that well even
    today. I don't think I am going to fare well with animated versions of
    Madison Avenue output on the monitor screen.

    W>>> I don't think ping is a useful indicator of how fast your DNS server
    >>> is at responding to your requests - too many other factors

    >>

    J>> I did use dig a bit. Using my router, and the Verizon nameservers,
    >> both delivered query times of around 5 ms, give or take a ms or so,
    >> with a rare exception in the 30-45 ms range. OpenDNS at its best was
    >> in the 6 ms range, but query time between 45 and 60 ms was common, and
    >> it took 82 or 83 ms for one site located on the Left Coast.

    >

    W> Any of those times would seem pretty 'instant'; 100ms is one tenth of a
    > second. 5ms is one two-hundredth of a second - and I don't think I've
    > ever seen a DNS lookup as fast as that; even using my ISP's DNS server
    > 25ms would be unusually quick.
    >

    W>>> I just got a dig yahoo.com query back from OpenDNS in 31ms (which
    >>> isn't too bad for a transatlantic connection during office hours).
    >>> That feels instantaneous to me. Pinging yahoo.com gets a round-trip
    >>> time of about 188ms - and so does pinging 66.94.234.13 thus
    >>> eliminating any DNS element at all in the response of the ping.

    >>
    >>
    >> ; <<>> DiG 9.4.1-P1 <<>> yahoo.com
    >> ;; global options: printcmd
    >> ;; Got answer:
    >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65441
    >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    >>
    >> ;; QUESTION SECTION:
    >> ;yahoo.com. IN A
    >>
    >> ;; ANSWER SECTION:
    >> yahoo.com. 204 IN A 216.109.112.135
    >> yahoo.com. 204 IN A 66.94.234.13
    >>
    >> ;; Query time: 13 msec
    >> ;; SERVER: 192.168.0.1#53(192.168.0.1)
    >> ;; WHEN: Thu Feb 21 19:56:59 2008
    >> ;; MSG SIZE rcvd: 59
    >>
    >> [jim@jb jim]$ ping 66.94.234.13
    >> PING 66.94.234.13 (66.94.234.13) 56(84) bytes of data.
    >> 64 bytes from 66.94.234.13: icmp_seq=1 ttl=54 time=89.7 ms
    >> 64 bytes from 66.94.234.13: icmp_seq=2 ttl=53 time=89.7 ms
    >> 64 bytes from 66.94.234.13: icmp_seq=3 ttl=53 time=89.5 ms
    >>

    J>> As you can see from the above, fiber to the home in my case does
    >> deliver better speed. It probably helps that I live near MAE-East.

    >

    W> Show-off )
    >

    W>> (Maybe when I die, I will get to live near Mae West. What think you?
    >> But I would be willing to settle for Dorothy Parker.)

    >
    > Careful, with modern computerised bureaucracy you could end up with
    > Charley Parker or a mouldy life-jacket.


    Well, Charley is pleasant enough to listen to, though he does not
    measure up in other respects. A fungus-laden garment just would
    not be what the Dr. ordered, though.

    Cheers!

    jim b.
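
The comparison made in the post above (dig query time against ping round-trip time), as an added example that is not part of any poster's message: it parses the quoted dig and ping output, mail-client wrapping included, and works out how much of one lookup plus one round trip the resolver accounts for. The function names `unquote`, `parse` and `dns_share` are assumptions of this example.

```python
import re
from statistics import median

# Constructed sample: the dig and ping output quoted in the post above, with
# the ">>" prefixes and line wrapping kept and the empty quote lines dropped.
QUOTED = """\
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65441 ;; flags: qr
>> rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>> ;; QUESTION SECTION:
>> ;yahoo.com. IN A
>> ;; ANSWER SECTION:
>> yahoo.com. 204 IN A 216.109.112.135
>> yahoo.com. 204 IN A 66.94.234.13
>> ;; Query time: 13 msec
>> ;; SERVER: 192.168.0.1#53(192.168.0.1) ;; WHEN: Thu Feb 21 19:56:59
>> 2008
>> [jim@jb jim]$ ping 66.94.234.13
>> PING 66.94.234.13 (66.94.234.13) 56(84) bytes of data. 64 bytes from
>> 66.94.234.13: icmp_seq=1 ttl=54 time=89.7 ms 64 bytes from
>> 66.94.234.13: icmp_seq=2 ttl=53 time=89.7 ms 64 bytes from
>> 66.94.234.13: icmp_seq=3 ttl=53 time=89.5 ms
"""

def unquote(text):
    """Drop leading '>' quote markers and undo the line wrapping."""
    lines = (re.sub(r"^\s*(?:>\s?)+", "", ln) for ln in text.splitlines())
    return " ".join(" ".join(lines).split())

def parse(text):
    flat = unquote(text)
    def grab(pattern):
        m = re.search(pattern, flat)
        return m.group(1) if m else None
    answers = re.findall(r"(\S+)\. (\d+) IN A (\d+(?:\.\d+){3})", flat)
    rtts = [float(t) for t in re.findall(r"icmp_seq=\d+ ttl=\d+ time=([\d.]+) ms", flat)]
    q = grab(r"Query time: (\d+) msec")
    return {
        "status": grab(r"status: (\w+)"),
        "flags": (grab(r"flags: ([a-z ]+);") or "").split(),
        "server": grab(r"SERVER: ([0-9a-fA-F.:]+)#\d+"),  # resolver that answered
        "query_ms": int(q) if q else None,
        "answers": [(name, int(ttl), ip) for name, ttl, ip in answers],
        "rtt_ms": median(rtts) if rtts else None,
    }

def dns_share(r):
    """Fraction of (one lookup + one round trip) spent on the DNS lookup."""
    return r["query_ms"] / (r["query_ms"] + r["rtt_ms"])
```

Running `parse` on output captured from each resolver in turn puts the `server`, `query_ms` and `answers` fields side by side, which is the comparison the thread is making by hand.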

  6. Re: OpenDNS nameservers -- Opinions Sought

    On 2008-02-22, Jim Beard wrote:
    > On Fri, 22 Feb 2008 13:58:18 +0000, Whiskers wrote:
    >> On 2008-02-22, Jim Beard wrote:
    >>> Whiskers wrote:


    [...]

    >> I normally browse using Opera, with Java, javascript, plugins, and
    >> images, all disabled. Saves a lot of time and annoyance!

    >
    > Problem is, I sometimes wish to forward an item, and javascript (and
    > maybe java as well) have to be turned on to do that. Turning off
    > things does diminish utility to some extent, and the bother of switching
    > back and forth is a bother.


    [...]

    I don't know what you mean by 'forward an item' with regard to viewing a web
    page. Do you mean you like to email snippets to people? If so a normal
    copy/paste would work, if you don't just want to email the URL of the
    page. No scripting involved, let alone Java.

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  7. Re: OpenDNS nameservers -- Opinions Sought

    On Fri, 22 Feb 2008 13:58:18 +0000, Whiskers wrote:

    > I've never used a 'static' setup for my LAN so I haven't looked into the
    > DNS arrangements for that.


    And I've never used DHCP for mine. At least not for any length of time. It
    really has nothing to do with dns. The router dns server works the same
    for both static and dhcp. You can leave the router as your dns server or
    you can change it to something different on any machine behind it. The
    router is a dns server. It just gets the url's ip address from another
    dns server instead of having the huge lookup file itself.

    --
    Want the ultimate in free OTA SD/HDTV Recorder? http://mythtv.org
    My Tivo Experience http://wesnewell.no-ip.com/tivo.htm
    Tivo HD/S3 compared http://wesnewell.no-ip.com/mythtivo.htm
    AMD cpu help http://wesnewell.no-ip.com/cpu.php

  8. Re: [ OT ] OpenDNS nameservers -- Opinions Sought

    I copied in your user.action file, looked at config
    in /etc/privoxy and set the vi options, restarted
    by running privoxy twice, and no problems noted so far.

    Cheers!

    jim b.

    --
    UNIX is not user-unfriendly; it merely
    expects users to be computer-friendly.

  9. Re: OpenDNS nameservers -- Opinions Sought

    Whiskers wrote:
    > I don't know what you mean by 'forward an item' with regard to viewing a web
    > page. Do you mean you like to email snippets to people? If so a normal
    > copy/paste would work, if you don't just want to email the URL of the
    > page. No scripting involved, let alone Java.


    The WSJ has an option to send an article being read to
    someone else. You click on an e-mail this item box,
    and it gives you a dialog box where you enter the
    destination, your email address, and any text you wish
    to add, and it sends it off. javascript must be working
    for this to work.

    jim b.

    --
    UNIX is not user-unfriendly; it merely
    expects users to be computer-friendly.

  10. Re: OpenDNS nameservers -- Opinions Sought

    On 2008-02-22, Jim Beard wrote:
    > Whiskers wrote:
    >> I don't know what you mean by 'forward an item' with regard to viewing a web
    >> page. Do you mean you like to email snippets to people? If so a normal
    >> copy/paste would work, if you don't just want to email the URL of the
    >> page. No scripting involved, let alone Java.

    >
    > The WSJ has an option to send an article being read to
    > someone else. You click on an e-mail this item box,
    > and it gives you a dialog box where you enter the
    > destination, your email address, and any text you wish
    > to add, and it sends it off. javascript must be working
    > for this to work.
    >
    > jim b.


    Hmmm. I hope your recipients don't mind their email addresses being put
    on WSJ's little list )

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  11. Re: OpenDNS nameservers -- Opinions Sought

    Whiskers wrote:
    > Hmmm. I hope your recipients don't mind their email addresses being put
    > on WSJ's little list )


    Correct. Most go to one recipient. She has yet to complain.

    Cheers!

    jim b.

    --
    UNIX is not user-unfriendly; it merely
    expects users to be computer-friendly.

  12. Re: OpenDNS nameservers -- Opinions Sought

    On Feb 22, 12:08 pm, Jim Beard wrote:

    > Well, I am back to OpenDNS this morning, and machine response
    > is not as snappy as I am accustomed to, but it is tolerable.
    >


    Well, if you're ever in doubt, you can try switching from OpenDNS to
    ifirefly, a free DNS service.
    http://www.ifirefly.com

    If you're slow with both, it's probably neither's fault. Your problem
    is probably elsewhere.
