Differences

This shows you the differences between two versions of the page.

tech_notes:dns [2024-05-18 Sat wk20 17:13] baumkptech_notes:dns [2025-08-09 Sat wk32 11:11] (current) – [Public DNS providers] baumkp
Line 21: Line 21:
  
  
-There are a number of levels of DNS. +There are a number of levels of DNS, the system interrogates in the following order: 
-  - host file,  this is a basic file on each computer where +  - host file,  this is a basic file on each computer operating system 
 +    -The usual automatic entries are: 
 +      -The local machine host name and ip address 
 +      -The loop back address 
 +  - Additional manual entries can be added for any host name and IP address.  (This can be hand on occassions, such as setting up VPNs where the setup process changes internet access for DNS stop working.  The host file manual can still allow address resolution.
   - local dns resolver   - local dns resolver
     - machine based     - machine based
 +      - many operating systems have a local caching DNS server installed to improve DNS performance.
     - LAN based     - LAN based
-  ISP resolver+      This can act as a local caching DNS server and also be used for LAN  
 +  - public resolver
   - authoritative domain resolver   - authoritative domain resolver
  
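Review bot: The added host-file bullet beginning "Additional manual entries" opens a parenthesis that is never closed, and its wording does not parse ("changes internet access for DNS stop working", "The host file manual can still allow"); "hand" and "occassions" look like typos for "handy" and "occasions". That bullet is also at top-level indent although it describes the host file, so it will render as its own resolution level rather than under "host file". Under "LAN based", the replacement line "This can act as a local caching DNS server and also be used for LAN" has no list marker and stops mid-sentence; an indented line without a marker renders as preformatted text in DokuWiki, so give it a "- " and finish the sentence.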
 +=====Public DNS providers=====
 +  - [[https://www.quad9.net/|Quad9]], free no commercial foundation. <fc #008000>Quad9 is my current preferred DNS provider, and is also one of the fastest in my area.</fc>
 +    - IPv4 (filtered)
 +      -  9.9.9.9
 +      - 149.112.112.112
 +    - IPv6 (filtered)
 +      - 2620:fe::fe
 +      - 2620:fe::9
 +    - [[https://www.quad9.net/service/service-addresses-and-features|Quad9 Service Addresses & Features]] some other options
 +  -  [[https://www.opendns.com/|OpenDNS]], belongs to Cisco
 +    - IPv4
 +      - 208.67.222.222
 +      - 208.67.220.220
 +    - IPv4 (filtered family shield, not-configurable)
 +      - 208.67.222.123
 +      - 208.67.220.123
 +    - IPv6 (filtered) 
 +      - 2620:119:35::35
 +      - 2620:119:53::53
 +    - IPv6 (unfiltered)
 +      - 2620:0:ccc::2
 +      - 2620:0:ccd::2
 +  - [[https://one.one.one.one/dns/|one.one.one.one]] (Cloudflare) <fc #008080>I prefer not to use Cloudflare services.</fc>
 +    - IPv4 (unfiltered)
 +      - 1.1.1.1
 +      - 1.0.0.1
 +    - IPv6 (unfiltered) 
 +      - 2620:4700:4700::1111
 +      - 2620:4700:4700::1001
 +    -  See [[https://one.one.one.one/family/|one.one.one.one/family]] for filtered options
 +  - [[https://developers.google.com/speed/public-dns/|Google Public DNS]] (Google) <fc #ff0000>I very much prefer not to use Google services.</fc>
 +    - IPv4 (unfiltered)
 +      - 8.8.8.8
 +      - 8.8.4.4
 +    - IPv6 (unfiltered) 
 +      - 2001:4860:4860::8888
 +      - 2001:4860:4860::8844
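Review bot: The two Cloudflare IPv6 entries use the prefix 2620:4700:4700::, but Cloudflare's public resolver addresses are 2606:4700:4700::1111 and 2606:4700:4700::1001; a host configured from this list would send its queries somewhere other than the intended resolver, so correct both lines. The filtered/unfiltered labelling is also inconsistent: the first OpenDNS IPv4 group carries no label while every other group does, which makes it hard to tell which addresses apply blocking. In the Quad9 line, "free no commercial foundation" reads like a typo for "non-commercial".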
 +=====Linux DNS Setup=====
 +The local OS DNS servers are specified in ''/etc/resolv.conf''
  
 +The bind9 file that configs the DNS forwarders is ''/etc/bind/name.conf.options'', the DNS ''forwarders'' are configured.
 +++++/etc/bind/name.conf.options (forwarders directive only)|
 +<code>  forwarders {
 +    //quad9 with basic malware blocking, no ECS
 +    9.9.9.9;
 +    149.112.112.112;
 +    //Cloudflare basic
 +    //1.1.1.1;
 +    //1.0.0.1;
 +    //Cloudflare with basic malware blocking
 +    1.1.1.2;
 +    1.0.0.2;
 +    //Opendns basic
 +    208.67.222.222;
 +    208.67.220.220;
 +    };</code>
 +++++
 +
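Review bot: The forwarders block enables the Quad9 and Cloudflare malware-blocking addresses together with 208.67.222.222 and 208.67.220.220, which the comment labels "Opendns basic". Any listed forwarder may answer a given query, so a name blocked by the filtering resolvers can still be resolved through the unfiltered pair; if blocking is the intent, list only filtering forwarders. The active 1.1.1.2 and 1.0.0.2 entries also contradict the note in the providers section about preferring not to use Cloudflare. The path is written /etc/bind/name.conf.options in both the sentence and the fold title, whereas BIND's file is named.conf.options, and the sentence ending ", the DNS forwarders are configured." trails off without saying where.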
 +The kea dhcp configuration has the following related to DNS and gateway setup.
 +++++dhcpv4.conf|
 +<code yaml>  "subnet4": [
 +    {
 +      "subnet": "192.168.1.0/24",
 +
 +      // There are no relays in this network, so we need to tell Kea that this subnet
 +      // is reachable directly via the specified interface.
 +      "interface": "enp1s0",
 + 
 +     "pools": [
 +        {
 +          "pool": "192.168.1.100 - 192.168.1.200"
 +        }
 +      ],
 +    "option-data": [
 +      {
 +        "name": "routers",
 +        "data": "192.168.1.1"
 +      },
 +      {
 +        "name": "domain-name-servers",
 +        "data": "192.168.1.14,192.168.1.2,9.9.9.9"
 +      }
 +    ],</code>
 +++++
 +
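Review bot: In the domain-name-servers option, "192.168.1.14,192.168.1.2,9.9.9.9" hands clients a public resolver next to the two on-subnet addresses. Clients are not required to try the servers in order, so some queries can go straight to 9.9.9.9 and skip local names and whatever forwarding or filtering the LAN resolvers apply; if the LAN resolvers are meant to be authoritative for policy, drop the third entry. The block is tagged "code yaml" but the content is Kea's JSON with // comments, so "code json" would highlight it correctly. The indentation of "pools" and "option-data" differs from the surrounding keys, and the excerpt ends at "]," with the subnet object unclosed, which is worth marking as a deliberate excerpt in the fold title as was done for the BIND block.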
 +=====DNS Performance Checker=====
 +A good resource for checking DNS performance is from [[https://www.grc.com|GRC Gibson reserch Corporation (Steve Gibson)]].  The speed checker bench marking program [[https://www.grc.com/dns/benchmark.htm|GRC DNS Bench marker]] is only Windows based.  It reportedly runs in Linux/WINE.
 +When run on 2025-08-09 basic performance rankings with average cached response times are:
 +  1. QUAD9-AS-1, US (3ms)
 +  1. CLOUDFLARENET, US (3ms)
 +  2. CISCO-UMBRELLA, US (38ms)
 +  3. GOGGLE, US (47ms)
  
 <- tech_notes:ascii|Back ^ tech_notes:index|Start page ^ tech_notes:markdown| Next-> <- tech_notes:ascii|Back ^ tech_notes:index|Start page ^ tech_notes:markdown| Next->
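Review bot: The ranking lines in the DNS Performance Checker section start with "1.", "1.", "2.", "3." after two spaces; DokuWiki ordered lists use "- ", so these indented lines render as a preformatted block, and the repeated "1." leaves it unclear whether the first two entries are tied. "GOGGLE" should be "GOOGLE" and "reserch" should be "research". There is no blank line between the GRC paragraph and "When run on 2025-08-09", so the two run together as one paragraph; the results line would also benefit from stating where the benchmark was run from, since the providers section says the speeds are specific to "my area".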