PLEASE, Host Your Own DNS Server

[Ehtyar]

After reading this story last week about Comcast responding to invalid DNS queries with their own little search page, I decided I was pissed off. This deplorable behavior can be found in an increasing number of locations on the web, but is utterly unacceptable to most power users, and is blatant money grabbing otherwise.

The first port of call for users unhappy with their ISPs DNS service is typically "Open"DNS. Unfortunately, they're doing the same thing, and have been doing so with an alarming level of success for quite some time (please, I don't want to hear any of this "it's for security" crap, this is a blatant lie and fundamentally breaks DNS for any non-browser client; they do it to make a easy, fast buck).

You have only two remaining alternatives, use a random public DNS server, or run your own. Selecting a public DNS server can be a perfectly acceptable solution. US ISPs host a set of very stable and high availability DNS servers freely (4.2.2.1-6), but if you're outside of the US, latency will start getting a little ridiculous. Your choices become limited outside of those as you have very little indication of future availability and trustworthiness, indeed there's no assurance that 4.2.2.1-6 will remain online in the future. However, you can find a list of some well known public DNS servers in this post on DSLReports.

The only remaining option is to host your own server. I strongly advocate this option, as it gives the end user the best possible experience, ensures no interference from external entities trying to make a few illegitimate bucks, and is a largely set-and-forget option.

You can find a tutorial for configuring BIND on Windows here (my choice), and instructions for setting up the TreeWalk DNS server here. Give them a go guys, our ISPs charge us enough without making a quick few dollars off our DNS queries.

Ehtyar.

[iphigenie]

I had the problem that our ISP has at times very unreliable DNS servers - I ended up having as a backup a linux distribution on an USB key, so I can turn a spare machine into a USB server within 30 seconds (use the slitaz distribution since i could recreate it into a "custom" iso in minutes)

I will check this windows server, thanks for the tip

[f0dder]

If you create an account at OpenDNS you get the option to not get their stupid redirection crap - making it a decent enough choice. Latency is sucky compared to using my ISP DNS servers, but I fix that by running dnsmasq on my linux server; that takes care of caching lookups from OpenDNS.

Using those other "public DNS servers" works, but it feels a bit wrong to me, since I've never seen official pages documenting them. And can you be guaranteed that they won't suddenly start redirecting queries?

Also, I believe I saw a story about an ISP moving from simply redirecting queries on their own DNS servers to actually modifying your DNS request UDP datagrams. In case that method is employed, you can do whatever you want, and you're still screwed.

PS: BIND sucks

[Stoic Joker]

*Shrug* We're a Windows shop so both DNS servers are MS DNS servers. One is a caching server that forward to OpenDNS (to keep the crew honest). The other one (is for IT...) forward to the (windows default) internet root servers. So 90% of the lookups are (local) instantaneous, the other few (first timers) might actually take a whole second ... but so what.

Given that most ISP DNS's suck (for one reason or the other) I generally always either go with the MS DNS default web root servers, or for small workgroups I tend to use (depending on mood & customer request) either OpenDNS or EarthLinks two main DNS servers as they've always been rather reliable.

[Ehtyar]

Just to clarify, this post is about your home DNS, not your business DNS. I'm pretty sure most of us are not running a Windows Server box nearby, and I'm certainly not going to recommend people run a dedicated Linux box for DNS.

If you have an alternative suggestion, please suggest it, but please don't put down my recommendations without at least some reasoning. Also, remember this will be for use on a private network only.

Ehtyar.

[f0dder]

Suggestion for regular users: OpenDNS w/account creation so you don't get their redirection - plain and simple.

[Josh]

Treewalk DNS Server

Vista Instructions

I've used both before dating back to Windows 2000. Worked great. Now I use OpenDNS

[Ehtyar]

What about tracking? No one cares?

Ehtyar.

[Stoic Joker]

Um... My home network = domain->MS DNS->Web root servers.

Fer plain folk I'm with f0dder on OpenDNS or EarthLinks servers work just dandy pretty much anywhere in the US.

As far as tracking goes, what difference does it really make if your logged for a DNS lookup or a web server visit. Everything gets logged, tracked, parsed, sorted, cataloged and sold to the highest bidder anyhow...long as it doesn't hamper my travels, I couldn't care less.

[4wd]

After having a period where my ISPs DNS' were up and down like a yoyo, I now run Treewalk on my headless 24/7/365 usenet machine, (Via EPIA based so it's not sucking heaps of power), and the other machines on the LAN direct all DNS queries to it.

I did use OpenDNS for a period but the redirects suck big time and I didn't want to create yet another freakin' account at some place just to get rid of them.
Plus the fact that while OpenDNS may be uber-reliable in the US of A - it isn't when you're in another country and have to rely on backbones/trunks to get to it.  There have been times when OpenDNS hasn't even been available to me.

Nowadays with Treewalk = no problems.

[tinjaw]

I use OpenDNS with an account and find it a valuable service. I do live in the US.