PLEASE, Host Your Own DNS Server

Ehtyar:
After reading this story last week about Comcast responding to invalid DNS queries with their own little search page, I decided I was pissed off. This deplorable behavior can be found in an increasing number of locations on the web, but is utterly unacceptable to most power users, and is blatant money grabbing otherwise.

The first port of call for users unhappy with their ISP's DNS service is typically "Open"DNS. Unfortunately, they're doing the same thing, and have been doing so with an alarming level of success for quite some time (please, I don't want to hear any of this "it's for security" crap, this is a blatant lie and fundamentally breaks DNS for any non-browser client; they do it to make an easy, fast buck).

You have only two remaining alternatives: use a random public DNS server, or run your own. Selecting a public DNS server can be a perfectly acceptable solution. US ISPs host a set of very stable and high availability DNS servers freely (4.2.2.1-6), but if you're outside of the US, latency will start getting a little ridiculous. Your choices become limited outside of those as you have very little indication of future availability and trustworthiness; indeed, there's no assurance that 4.2.2.1-6 will remain online in the future. However, you can find a list of some well known public DNS servers in this post on DSLReports.

The only remaining option is to host your own server. I strongly advocate this option, as it gives the end user the best possible experience, ensures no interference from external entities trying to make a few illegitimate bucks, and is a largely set-and-forget option.

You can find a tutorial for configuring BIND on Windows here (my choice), and instructions for setting up the TreeWalk DNS server here. Give them a go guys, our ISPs charge us enough without making a quick few dollars off our DNS queries.

Ehtyar.

iphigenie:
I had the problem that our ISP has at times very unreliable DNS servers - I ended up having as a backup a Linux distribution on a USB key, so I can turn a spare machine into a USB server within 30 seconds (use the SliTaz distribution since I could recreate it into a "custom" ISO in minutes).

I will check this Windows server, thanks for the tip.

f0dder:
If you create an account at OpenDNS you get the option to not get their stupid redirection crap - making it a decent enough choice. Latency is sucky compared to using my ISP DNS servers, but I fix that by running dnsmasq on my Linux server; that takes care of caching lookups from OpenDNS.

Using those other "public DNS servers" works, but it feels a bit wrong to me, since I've never seen official pages documenting them. And can you be guaranteed that they won't suddenly start redirecting queries?

Also, I believe I saw a story about an ISP moving from simply redirecting queries on their own DNS servers to actually modifying your DNS request UDP datagrams. In case that method is employed, you can do whatever you want, and you're still screwed.

PS: BIND sucks :)

Stoic Joker:
*Shrug* We're a Windows shop so both DNS servers are MS DNS servers. One is a caching server that forwards to OpenDNS (to keep the crew honest). The other one (is for IT...) forwards to the (Windows default) internet root servers. So 90% of the lookups are (local) instantaneous, the other few (first timers) might actually take a whole second ... but so what.

Given that most ISP DNS's suck (for one reason or the other) I generally always either go with the MS DNS default web root servers, or for small workgroups I tend to use (depending on mood & customer request) either OpenDNS or EarthLink's two main DNS servers as they've always been rather reliable.

Ehtyar:
Just to clarify, this post is about your home DNS, not your business DNS. I'm pretty sure most of us are not running a Windows Server box nearby, and I'm certainly not going to recommend people run a dedicated Linux box for DNS.

If you have an alternative suggestion, please suggest it, but please don't put down my recommendations without at least some reasoning. Also, remember this will be for use on a private network only.

Ehtyar.
