
Man, Sometimes This Stuff Is Just Weird...


Jud


Jud, this is a home network right?  What does local DNS caching get you performance-wise, say over just pointing your border device to Google's public DNS servers and letting them do the work?  

Hey MQA, if it is not all $voodoo$, show us the math!

12 minutes ago, mrvco said:

 

It can be a bit faster and work if your chosen DNS servers are down.  There are also the privacy concerns related to informing Google of your every interaction with the Internet.  Cloudflare's 1.1.1.1 / 1.0.0.1 DNS servers are a good alternative that are a bit faster without directly contributing to Google's already vast db of information.  It's slower than Cloudflare, but I also use quad9 DNS as well without issue.

 

All true.  I don't know what the uptime stats on Google's or these other DNS providers are, but I bet they are more reliable (much more) than any consumer (i.e. "home") grade equipment and DNS cache.  

 

Putting aside the wider issues of Big Corp data collection/oversight, I was wondering why (barring some oddity in ISP service, etc.) anyone would cache DNS locally in a home networking environment.  DNS is basic backbone stuff  -  why reinvent the wheel with cheap and spotty reliable consumer grade crap?  Jud's friendly comment box Net Admin recommends he turns that crap off, KISS it, etc.  While he is at it he can get rid of his cable risers, grounding boxes, and dubious formats/encodings as well 😋

38 minutes ago, John Dyson said:

If you get that fast a ping time (much faster than my 20-30msec), then it makes little (but still SOME -- transient network issues) difference to use a caching server .  Just checked dig (the interactive dns lookup program) and get 22msec, so it is a little faster than I thought.  I was thinking closer to 25-30msec.

 

Since caching servers are so simple to enable, then why not?  I'd expect that Windows probably has its own local caching, and on Linux derived systems - which is an indirect descendant of the traditional internet machines for over a decade -- all kinds of internet tools are easily available and simple ones are easy to use.

 

When doing one of the crazy WWW pages with nonsense from all over the place WRT advertisements, the delays can add up with a 20msec ping time.  I also use Comcast, but only an 'advertised 60Mbps', but 90 in reality.  Nowadays faster connections are often available, but super fast data rates don't automatically mean fast ping times.

 

So, if you get 10-20msec, then it probably isn't too bad, but at 20msec or more, I'd definitely do local caching just because it is so cheap and easy.  If it was brain surgery to put together a caching server, I'd slough it off -- but caching servers are infinitely more simple to use than Bind, even when using Bind in caching mode (well, if your vendor didn't give you a simple caching config file.)  Of course, nowadays Bind might be easier to config.  The simple caching servers are TRIVIAL to set up -- zero cost, only benefit.

 

 

John

 

I think you and @Jud's experience answered your own question.  With typical bandwidth and latency now an order of magnitude better than "real T1's" of your day (and mine in corp IT land), why another point of failure (even though yes, DNS and DNS caching is a relatively simple, perhaps even "trivial" IT exercise) and task being given to rock bottom quality equipment and software?  Since home networking equipment is the equivalent of those cheap earbuds and DAC/amps (made in China with parts that cost mere pennies) that most listen to their 128kbs mp3's on, why are we even discussing the equivalent of asking them to play 24/96 through them and "hear" the difference? 

38 minutes ago, John Dyson said:

I consider needing an extra external network transaction as being a point of failure or congestion.  If a caching server fails (so easy to fire-up on machines nowadays, and Windows already does the caching -- must be simple), then there are problems that would probably make using a WWW browser impractical :-). 

 

 

 

It's the opposite.  The transaction is trivial given normal bandwidth/latency, thus making the whole WWW thing even more practical than it was 20 years ago when local DNS caching was actually needful in many situations.  

 

42 minutes ago, John Dyson said:

  It is just SO easy to put together a caching server if you already have some kind of server on the network, and under Linux or whatever -- it is trivial.  Under Windows, I think that one needs to disable the local caching server if you don't want it (AFAIR.)  

 

Easy does not make it necessary or even wise.  Besides, @Jud's low powered, poorly programmed, cheap as China home networking gear was trying to play this role - not a desktop OS.

 

44 minutes ago, John Dyson said:

 

Also, a local DNS server shouldn't be a local point of failure -- the system (properly designed) goes off and grabs another source if there is a problem.  The major time where there is a problem is when there are problems with the root servers and then problems propagate down, but I seem to remember that (roots having connectivity problems) has been mitigated.   I'd suspect that organizations like Comcast might even fake themselves as root servers?  The internet is still the wild west in a lot of ways.

 

 

Right, so why would it be wise for the "average" home network and non-technical user to wade into this - with equipment that is far worse/less reliable than the upstream ISP equipment, to say nothing of Google's DNS infrastructure (or the other choices available)?  

 

Barring the oddity in ISP service, 99.99999999% of home users don't need to be caching DNS for any reason, no matter how easy it is.  Sure, if they want to play around, poke, hack, learn, etc.  Still, I hope no "average" home user reads this thread and gets the idea that local caching will be anything other than fun and games - or worse, that it will somehow improve their audio experience.... 😋

 

On the other hand, you folks with teenagers who think your "safe" browsing app is anything more than a DNS service redirect, and that your teenager did not figure out how to get around it in 2.3 seconds....perhaps you need to play around a bit and become aware of some basic Internet wonkery...

3 minutes ago, John Dyson said:

But, your windows box has a caching server built in (AFAIR.)

 

John

 

Right.  Back in the olden days with Windows NT (both server and desktop), "ipconfig /flushdns" was basic network fix stuff.  I have long forgotten what the persistence of this cache was (and is).  

 

Still, this is not the same as setting up a DNS "caching server" with your cheap-ass chi-fi home networking crap gear in the modern situation of ISP DNS service (or Goggles, or...) which is fast as hell and has an uptime several orders of magnitude greater than whatever you can pull off with your China Net gear like Jud sort of stumbled into 😋 🤣

 

2 minutes ago, daverich4 said:

 

This might be a little off topic but as I assume everyone here uses a router connected to the internet, maybe not. I've run the Netgear Orbi setup for a couple of months and based on your post I took a look at the log for the first time. Last night I apparently had over 30 attacks, most of them DOS attacks. (Why that type I have no idea, it's not like I'm running an online service or anything) Should that be a source of concern?

 

The answer to this question is usually/generally "no" given your situation (home network, not running web service, etc.).  

 

4 minutes ago, daverich4 said:

 

 

Something else? On another note, I'm under the impression that to get into the router settings as an administrator you need to be on the same network as the router. Is that correct?

 

 

Yes...unless you have intentionally/accidentally enabled your router's management to be allowed on the public (internet or ISP) facing port.  You can confirm this in the management interface.

 

6 minutes ago, daverich4 said:

The password I use for admin access is a combination of letters and numbers that mean something to me (not my birthday or anything you could look up). Do I need to create some super password for my router or would someone have to be at least in my driveway and know the wifi password to get into it?

 

This is always a balance and a pragmatic matter.  You want a fairly "randomized" password with a mix of letters, numbers, and characters  (such as ^ and !), but you have to be able to remember it.  

11 minutes ago, daverich4 said:

 

Thanks for the response. As far as I can tell, I haven’t accidentally opened my router to the outside. For sure not on purpose. As far as the password goes, that only applies to keeping out people from the wi-fi network? Like my neighbors? 

 

There are at least two passwords you should have configured (assuming a standard wifi/router and/or ISP router):  

 

1)  one for end users to be able to access your wifi broadcast (i.e. obtain an IP address via DHCP)

2)  one for the management interface itself, which you access from the private (i.e. non routable IP address space) network on your side (opposite the web/ISP facing port), usually with a browser.  Many of these routers (most?) also allow you to manage the router itself from the web/ISP port as well, but this is a risk and not usually recommended.  If you have turned this on, turn it off.

 

edit:  If it is not obvious, don't have these two passwords be the same!

Just now, mansr said:

They'd be even harder to guess if you didn't tell everybody on the internet the pattern you use to generate them.

 

I just use the name of the club that won the premier league last year.  This forces me to change it every year, which I probably would not do being lazy and all...

