What do you guys like for your /etc/resolv.conf?
D-Existential and N-phenomenological S-investigations:
Who should Darkstar use to resolve DNA DNS requests? Why!?
Eeeks! We can get IPv6 addresses via DNS requests sent over IPv4, but don't we need an IPv6 address or two in our /etc/resolv.conf?
If the DNS system experienced "trouble," would we be better with a longer list of resolvers than two each IPv4 and IPv6? Back in the old days I remember seeing a long list which included, among other things, all of the DNS root servers. Perhaps sending DNS requests to the root servers might not work nowadays.
D-Mumbles, N-rumbles, S-tumbles
tom@darkstar:~$ cat /etc/resolv.conf
options single-request
search metalvps.com
nameserver 1.1.1.1
nameserver 1.0.0.1
tom@darkstar:~$
## Perhaps 20 times as long to ping 1.1.1.1 as 8.8.8.8? Really!!??
tom@darkstar:~$ date; time ping -c 2 1.1.1.1
Sat Dec 18 21:17:41 UTC 2021
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=57 time=21.2 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=57 time=21.2 ms
--- 1.1.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 21.221/21.226/21.231/0.005 ms
real 0m1.030s
user 0m0.004s
sys 0m0.001s
tom@darkstar:~$ date; time ping -c 2 8.8.8.8
Sat Dec 18 21:17:55 UTC 2021
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=115 time=0.952 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=115 time=0.872 ms
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.872/0.912/0.952/0.040 ms
real 0m1.008s
user 0m0.003s
sys 0m0.001s
tom@darkstar:~$
References:
"Up to MAXNS (currently 3, see <resolv.h>) name servers may be listed, one per keyword. "
-- https://www.man7.org/linux/man-pages/man5/resolv.conf.5.html
"DNS NSS improvement" "Add “single-request” to the options in /etc/resolv.conf. "
-- http://udrepper.livejournal.com/20948.html
I hope everyone gets the servers they want!
Comments
Typically, I configure two resolvers.
No hostname left!
I use 1.1.1.1 and 8.8.8.8 plus Google's ipv6 resolver.
No other fancy stuff he he
Get the best deal on your next VPS or Shared/Reseller hosting from RacknerdTracker.com - The original aff garden.
I use quad9 as well.
Google DNS might be in the same DC as your machine and Cloudflare somewhere further, therefore the difference between them.
The all seeing eye sees everything...
same here
I bench YABS 24/7/365 unless it's a leap year.
You bring shame to the MJJ family.
No Ali/Tencent/Baidu resolvers.
blog | exploring visually |
dns.he.net?
This one I have to quote in full because of what he he he HE @bdl said. Hehe!
I hope everyone gets the servers they want!
And disable IPv6
Not really. Typically, 2, maybe 3 "large" providers are more than enough. Seems Google is fastest for your case, so I'd use that first, with Cloudflare/Q9, Cisco, as backup.
Not a good idea.
1.1.1.1
9.9.9.9
1.1.1.1 is good enough
If we are talking about servers (virtual or not), my resolv.conf usually includes just a
nameserver 127.0.0.1
which leads to a dnsdist service.
dnsdist may be configured to fetch results from your poison of choice (including 1.1.1.1, 9.9.9.9, 8.8.8.8 or whatever) or your local resolver; in the latter case your local named-chroot (or w/e) should pick a different privileged port on the
listen-on port
directive (if your resolver isn't on a remote box)(possibly not an open resolver)For a while I played with alternative roots (it's quite sad to see that the ORSN domain has been squatted by someone else), some boxes still rely on OpenNIC Tier 1 servers for their main resolver
On my to-do list there's handshake DNS (maybe during holidays I'll give a more serious look); the famous public resolver nextdns.io is "Handshake domain"-compatible already
Usually I do not change DNS myself.
However, some VPS use cloudflare DNS which failed occasionally, so I changed them into 8.8.8.8
8.8.8.8 and 9.9.9.9
I use DNSBench from GRC to test what are the fastest DNS servers on a given internet connection and use those. https://www.grc.com/dns/benchmark.htm
(Runs both on Windows and in WINE)
I also put into consideration the privacy policy for the DNS servers I will be using, as well.
My personal go-to favorite is Hurricane Electric's (74.82.42.42).
Cheap dedis are my drug, and I'm too far gone to turn back.
Hi @CamoYoshi ! Nice to see you! Just for fun:
Friendly greetings from NYC and Sonora, MX! 🗽🇺🇸🇲🇽🏜️
I hope everyone gets the servers they want!
Google likely colo some servers in the same data center.
In reality, you're really not going to notice the difference between 1ms and 21ms. The difference is only slightly longer than the time taken to render a single frame at 60fps (~16.6667ms). Generally humans don't notice anything less than ~40ms. Plus, any commonly accessed hosts will be in the local cache anyways.
Daniel15 | https://d.sb/. List of all my VPSes: https://d.sb/servers
dnstools.ws - DNS lookups, pings, and traceroutes from 30 locations worldwide.
For the first nameserver in
/etc/resolv.conf
, I typically use the provider's dns if they have one (most do not, these days). Then I ping each of the following and list them in order of quickest to slowest, up to 3.google public dns - 8.8.8.8 or 2001:4860:4860::8888 with ipv6 support
cloudflare - 1.1.1.1
he - 74.82.42.42 or 2001:470:20::2
On rare occasions, I've had to use another from this list https://gist.github.com/mutin-sa/5dcbd35ee436eb629db7872581093bc5
I usually add
options rotate
so that load balancing is done among the three nameservers"A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)
8.8.8.8
Provider's DNS or (if provider's DNS is not available) 1.1.1.1
2001:4860:4860::8888
Recommend: MyRoot.PW|BuyVM|Inception Hosting|Prometeus
Provider HDNS: 103.196.38.38, 103.196.38.39
DNS resolvers are overrated.
I use pure non-GMO p2p internet.
PS: Via telepathic layer 2.
I've recently been stumbling around @Not_Oles Darkstar server in a semi-demented haze, probulating the relative responsiveness of 1.1.1.1 vs 8.8.8.8 vs 74.82.42.42 ...
(Trying to figure out source of occasional 5-second delays in DNS lookups, under the possibly dubious assumption that it may relate to how ipv6 lookups are handled as per https://udrepper.livejournal.com/20948.html - or could it be something else ...?)
Whatever's going on is not at all clear to me (nor would it be, I'm a noob when it comes to networks) - but so far it seems like the HE dns is doing a lot better than 1.1.1.1 and 8.8.8.8 - at least when testing on the Darkstar server (levelone network in Dallas routing through path ddos then hivelocity)
some more notes here, doing similar tests from various providers in Dallas https://wiki.metalvps.com/chat/20211223/?updated
no idea what's going on, so it's kind of "interesting" .... Hoping to eventually understand some of this a bit better!
HS4LIFE (+ (* 3 4) (* 5 6))
Hi @uptime! Is it unambiguous in the above results whether the http transfer being timed took place over IPv4 or IPv6?
Even though the DNS inquiries apparently took place only over IPv4 the results presumably were returned in both IPv4 and IPv6. I believe both ends of the http transfer are IPv4 and IPv6 enabled.
How might we know whether the specific http transfer delay being logged was due to DNS delay or perhaps was due to some delay related to the sender's or the receiver's IPv4 or IPv6 use or switching between the two? Maybe something like what Drepper was talking about on the page to which you linked?
Hope this is helpful! Friendly greetings from Sonora! 🏜️
I hope everyone gets the servers they want!
I think so, if the
--ipv4
parameter tocurl
does what it says on the tin:that's my story, and I'm sticking to it!
HS4LIFE (+ (* 3 4) (* 5 6))
@uptime Thanks! Maybe there might remain nevertheless a bit of IPv4/IPv6 ambiguity.
Suppose curl wants IPv4 because it saw the -ipv4 parameter, but DNS wants to hand curl an IPv6 address, and the result is a delay. Is this too crazy?
Suppose we put the IPv4 address for the target http server into /etc/hosts and tried the test that way. . . . Presumably the IPv4 address might be consistently taken from /etc/hosts. The five second delays might or might not remain, and we could try to figure out why.
Maybe some kind of verbose logging of the DNS requests might be possible and helpful?
Friendly greetings!
I hope everyone gets the servers they want!
seems like a long shot ...? but here we are. Lol!
I think some judicious packet captures (using
tcpdump
) could be helpful to take a closer look.Might could go through the
curl
code (just a few tens of thousands of possibly relevant lines of c)I've seen mention of an "ipv4-only" build for curl (from a quick peek at the source) ...
hmmm ...
something something HAPPY_EYEBALLS_DNS_TIMEOUT ftw ...?
HS4LIFE (+ (* 3 4) (* 5 6))
from https://man7.org/linux/man-pages/man3/resolver.3.html
Just wondering if something like setting a resolver debug option might be helpful? Dunno. Have to see if the debug code includes timestamps? Or maybe add them?
¡Saludos!
I hope everyone gets the servers they want!
All options are on the table.
Shave every yak, I say!
And let root sort them out.
Anyhoo. Here's a fun read:
IPv6, Large UDP Packets and the DNS
Edit2: Moar, better, from June 2020, explains Happy Eyeballs and more -> https://www.potaroo.net/ispcol/2020-07/dns6.html
HS4LIFE (+ (* 3 4) (* 5 6))
4.4.4.4 if you are MjJ
@dahartigan
blog | exploring visually |