Re: Help understanding nameservers
- From: Felix Tiede <f.tiede@xxxxxx>
- Date: Sat, 06 Sep 2008 12:13:11 +0200
CRC wrote:
> Hi:
> Usually everything works, but today I've been noticing sporadic failures
> of DNS resolution while web browsing.
> I have a Linksys WRT54G connected to an SBC/Yahoo DSL modem. A pair of
> openSuse 10.3 boxes connect to that. I have had /etc/resolv.conf set to
> the router's IP:
> # cat /etc/resolv.conf
> nameserver 192.168.1.1
> domain mydomain.org
> The router magically sets up DNS servers through DHCP when it logs into
> SBC. Its status info shows that it's using these DNSs:
> DNS 1: 68.94.156.1
> DNS 2: 68.94.157.1

Those are DNS machines used by your Dial-Up provider to enable its customers
to use name resolution; they do not need to be publicly available to
non-customers.

> These don't agree with the DNS servers indicated here for SBC/Yahoo DSL:
> http://portforward.com/networking/dns.htm

Which might be out-of-date (I found no information on latest activity on
that page).

> which are:
> 206.13.31.13
> 206.13.28.60
> 206.13.31.5
> 206.13.28.31
> When I manually put these into my /etc/resolv.conf, then all my host
> lookups fail:
> > host www.americashredding.com
> Host www.americashredding.com.mydomain.org not found: 5(REFUSED)

Same as above, these are for the provider's customers only and if you are
not a customer of SBC/Yahoo DSL (doesn't matter where your modem comes
from, it's important where it connects to) you are not allowed to use them.

> When I put in one of the publicly available DNSs from the Portforward
> site, then things work. For ex. using 4.2.2.1:
> > host www.americashredding.com
> www.americashredding.com is an alias for americashredding.com.
> americashredding.com has address 66.160.191.230
> americashredding.com mail is handled by 0 americashredding.com.
> When I stick the router's DNS IPs into /etc/resolv.conf, it works as well.

Your router does not have its own nameserver. It just forwards DNS requests
to those given to it and forwards answers back to the local machine the
request came from. That's why the router's address in your resolv.conf
works precisely as well as the addresses the router got from your provider.

> My question is simply, how to set up a fast and reliable DNS
> configuration in /etc/resolv.conf? Should I fix the ISP's DNS addresses
> in /etc/resolv.conf, or use the router?

Use the router. If your provider chooses to change nameserver addresses for
whatever reason your router will know upon next dial-in. Using the
addresses directly on your hosts you'd have to manually change all your
hosts and at that time the old addresses are most likely out-of-order
(otherwise you wouldn't have noticed if you don't check with your router
regularly).

> I would like to use the options:
> options timeout:1
> and possibly:
> options rotate

According to my manpages there are no such options to resolv.conf.
If using your router, your router will figure out a non-responding nameserver
and use the next. Usually the provider publishes the best and fastest
nameserver first and the second address is just an (anyway required)
fallback if the first one should fail.
If not using your router, your system's resolver will act the same way, so it's
just a faster processor doing the same task. But the bottleneck here is
your network connection and speed of nameservers so it won't do you any
good.

> with a list of 3 nameservers in order to speed resolution in case one is
> sluggish. Is it best to omit the rotate option? I suppose that would
> depend on whether you know one server is usually fastest, then rather
> than load balancing, just putting that first without rotate would give
> best performance.

If your provider is not completely braindead - okay, bad suggestion, there
are a lot of criminally braindead providers out there - the first
nameserver given by the provider should be fastest.

> Another question is: Is it best to use the ISP's internal DNS servers
> for best performance, or might publicly known servers also perform
> well. Is there a way to benchmark server performance, and would such a
> measurement mean anything for future resolutions?

Nameservers use caching. Thus if a nameserver was asked for an IP address it
caches the answer as long as it could, using information provided by the
domain the IP belongs to. The main difference between your provider's
nameservers and publicly available ones is a longer route - you most
certainly need to leave your provider's network and traverse a number of
other networks before reaching a public nameserver. This slows down your
requests.
Best chance with publicly available nameservers is when they use better
hardware and lots and lots and lots of more RAM so old requests have not
vanished from their caches before the request's caching time was up anyway.
But then your provider's nameservers may also have a huge amount of RAM and
may not receive as many requests as a public nameserver so their caches
last longer.
If you suffer from regular long waiting times before a request is answered
(Firefox says something like "Finding www.whatever.com...." in its status
bar, _not_ "Connecting to www.whatever.com...") you can as well try with a
public nameserver. My experience showed that it's not the nameserver which
slows down browsing but webservers which do not answer fast...

Hope that helps.
Felix
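
Added example, not part of the original post: a standard-library Python probe that sends the same A query to each nameserver mentioned in the thread and reports the reply code and elapsed time, so a REFUSED from a customers-only resolver can be told apart from a slow or silent one, and a repeated query shows the effect of caching. The queried name `www.example.com` and all function names are assumptions of this example.

```python
import secrets
import socket
import struct
import time

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid):
    """Build a DNS query for the A record of name, with recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(resp, qid):
    """Return (rcode name, answer count) for a reply that matches our query ID."""
    if len(resp) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID, or QR bit says "query"
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), ancount

def probe(server, name, timeout=1.0):
    """Ask one server over UDP; return (status, answer count, elapsed ms)."""
    qid = secrets.randbelow(65536)  # unpredictable ID rather than a fixed one
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        try:
            sock.sendto(build_query(name, qid), (server, 53))
            status, answers = parse_header(sock.recvfrom(512)[0], qid)
        except socket.timeout:
            status, answers = "TIMEOUT", 0
        except (OSError, ValueError) as exc:
            status, answers = f"ERROR({exc})", 0
        return status, answers, (time.monotonic() - start) * 1000

if __name__ == "__main__":
    # Server addresses are the ones quoted in the post; the name is a placeholder.
    for server in ("192.168.1.1", "68.94.156.1", "206.13.31.13", "4.2.2.1"):
        for attempt in ("first", "repeat"):  # a repeat is normally a cache hit
            status, answers, ms = probe(server, "www.example.com")
            print(f"{server:<13} {attempt:<6} {status:<8} answers={answers} {ms:7.1f} ms")
```

The probe queries each server directly, so it bypasses /etc/resolv.conf and its `domain` suffix; a single run is only a snapshot, since timings depend on what each cache holds at that moment.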