Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Caching DNS server suggestions?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Cyker
Veteran
Veteran


Joined: 15 Jun 2006
Posts: 1497

PostPosted: Fri Sep 13, 2013 11:33 pm    Post subject: Caching DNS server suggestions? Reply with quote

Hey all,

I've been having issues with my ISP and DNS lately which is causing massive delays and timeouts for DNS lookups; I often have to refresh pages several times before the Looking up <FQDN> changes to Connecting to <FQDN>.

I tried installing BIND to try and mitigate this but have discovered it's mostly useless as it still seems to be sending all requests up to the various forwarders instead of pulling them from its cache and not really speeding up DNS resolution at all.

It turns out this is because lots of sites (Facebook and Google to name two major ones) have very low TTLs so they effectively don't get cached at all.

Now, BIND has setting to limit the maximum TTL/expiry of an entry but no way to force a minimum.

Does anyone know of such an alternative that does?

Ideally, I'd like something that stores cached entries for much longer, e.g. a week, and returns that value as soon as it's queried, but on querying, also sends a request to the forwarder (So that if the forwarder *is* changed and/or not dead the entry gets updated as it should). It should also return the correct TTL to queries so local caches expire at the right time.

Is there such a thing??
Back to top
View user's profile Send private message
666threesixes666
Veteran
Veteran


Joined: 31 May 2011
Posts: 1237
Location: 42.68n 85.41w

PostPosted: Sat Sep 14, 2013 1:22 am    Post subject: Reply with quote

both dnsmasq and bind can do what you want, though dnsmasq is quite a bit more apparent as to whats going on. if you look at the wiki page it resolves against 8.8.8.8, googles dns cutting your isp's dns out of the equation. only down side you need to run dnsmasq, or bind. why not just set /etc/resolve.conf to 8.8.8.8, emerge namebench & benchmark some dns servers for future use?
_________________
cat /etc/*-release
Funtoo Linux - baselayout 2.2.0
consider this warning no. 1
https://wiki.gentoo.org/index.php?title=Special:Contributions/666threesixes666&offset=&limit=500&target=666threesixes666
Back to top
View user's profile Send private message
PaulBredbury
Watchman
Watchman


Joined: 14 Jul 2005
Posts: 7310

PostPosted: Sat Sep 14, 2013 5:53 am    Post subject: Reply with quote

The advantage of BIND (which I use, and always recommend) is that it performs DNS resolution properly, without using an ISP's crappy caching DNS server.

Have you mistakenly set up BIND to still use a crappy caching DNS server?

Do you really have a DNS-specific problem, or a general network problem?
Back to top
View user's profile Send private message
Cyker
Veteran
Veteran


Joined: 15 Jun 2006
Posts: 1497

PostPosted: Sat Sep 14, 2013 1:19 pm    Post subject: Reply with quote

<Tangential>
To be honest, I don't know what it is. I *suspect* my line has some sort of interference issue and is dropping/corrupting packets but I haven't been able to prove it and my ISP say everything is fine on their side and that it must be something at my side (Which they pretty much always do)

Most DNS benchmarks show extremely rapid reply rates from my ISP's DNS, which is weird given what I'm experiencing, but one of them, (Steve Gibson's one from grc.com, yes yes it's Windows...!) noted that it was experiencing high loss intermittently during the tests which none of the other programs flagged up.

Additionally, tunnelling with PuTTy works but pings show very high latency (Like, 2-3+ seconds!), and OpenVPN works but shows lots of dropped pings and cuts out very often.

Clearly something is messed up, but at this point I wouldn't know where to start and as I am getting a pretty solid 100mbps down and 10mpbs up from speedtest.net, as far as my ISP is concerned there is no problem.
</Tangential>

So, I am looking for things to mitigate the problem at my end, in this case, a local DNS server!

I'm 99% sure neither BIND nor dnsmasq are capable of doing what I am after (In fact, other people who have asked have been told explicitly that neither program will ever support what I am trying to do as it 'breaks DNS', and that the user would have to hack the source themselves if they wanted such a feature!)

I have been pointed at unbound so I'm going to try that out; That does have options to ignore the TTL of authoritative servers, which would stop it always going to the forwarder due to the cache expiring so quickly, but alas doesn't check the DNS record within that TTL and so may cause problems with Dynamic DNS hosts...

I must admit I am not too knowledgeable with DNS stuff and am finding it difficult to articulate what I am trying to achieve!

For instance tho, both BIND and dnsmasq will cache DNS entries when queried. However, if the DNS entry has a TTL of, say, 10 seconds, it will stay in the cache for 10 seconds and the be removed.
This means, if someone requested that same DNS entry 20s later, BIND/dnsmasq has to go ask the forwarder again and so no benefit is achieved.

What I want is something that will:
1) Keep entries in the cache beyond the TTL time, e.g. up to a week, and return that instantly when requested instead of going to the forwarder
2) If the TTL *would have* expired, then it should also query the forwarder and update the cache (AFTER replying to the client UNLESS the forwarder replies within, say, 5ms, so there is no waiting for the client)

I hope this explains it a bit better...!
Back to top
View user's profile Send private message
PaulBredbury
Watchman
Watchman


Joined: 14 Jul 2005
Posts: 7310

PostPosted: Sat Sep 14, 2013 1:50 pm    Post subject: Reply with quote

Try e.g. MTU, and quit blaming DNS ;)
Back to top
View user's profile Send private message
Cyker
Veteran
Veteran


Joined: 15 Jun 2006
Posts: 1497

PostPosted: Sat Sep 14, 2013 2:33 pm    Post subject: Reply with quote

???!!!
Back to top
View user's profile Send private message
Cyker
Veteran
Veteran


Joined: 15 Jun 2006
Posts: 1497

PostPosted: Sat Sep 14, 2013 5:03 pm    Post subject: Reply with quote

Woo! Unbound works!! :D

I did find a patch for dnsmasq which allows one to override the TTL but it was more work to integrate it into Gentoo than I wanted for what's essential a quick fix, so I just went with Unbound.

Set the minimum TTL to 600000 seconds so it actually caches the addresses for a vaguely useful period of time instead of a handful of minutes!

Testing with drill, I was getting query times of between 100ms and 4000ms when querying www.google.com and www.facebook.com via my ISP and 8.8.8.8 at intervals of several minutes, averaging in the high 2000's; Unbound gave a response time of 3000ms for the first query but after that I'm getting 1 and 2 ms response times so as workarounds go this seems to have done the trick.

As predicted there are issues with DDNS hosts but I can manually purge those when I need to update them.
Back to top
View user's profile Send private message
thegeezer
n00b
n00b


Joined: 11 Jul 2010
Posts: 32

PostPosted: Tue Sep 24, 2013 9:33 pm    Post subject: poor isp Reply with quote

have to be honest - the 3 seconds time for initial dns query is really poor
you might want to get that looked at as DNS is very light in terms of IP
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum