every user want’s a fast & responsive internet.
There is nothing more anoying than slow loading websites or other services that respond slowly or not at all (timeout) when the user needs them.
DNS aka “the phone book of the internet” is an essential service.
Without it, the user would have to remember and type 74.6.143.26 instead of yahoo.com (still 12rd in Alexa’s Ranking, Amazon bought Alexa Ranking in 1999 for $250 million in stock)
Thus Google and CloudFlare have some easy to remember DNS server IPs: 8.8.8.8 and 1.1.1.1
But a nameserver can see all websites & services that a device requests access to (looking up the websites & service’s ip address), so if the user does not want to turn over what is essentially the “record of dialed phone numbers” to Google or Cloudflare: what about alternatives that do not store the user’s browsing habbits for eternity for AIs to dig into that BigData and try to exploit it somehow?
but what also can happen if a dns nameserver get’s hacked or hijacked or manipulated: the user’s browser ends up at the wrong website!
thus is extremely catastrophic in terms of banking & webmail.
so it is critical that those companies & admins that are running the dns nameservers can be trusted and take cyber security seriously.
run the namebench dns benchmar:
ran the namebench dns benchmark (developed for/by Google)
with those ips:
8.8.8.8, 8.8.4.4, 81.3.27.54, 152.89.170.250, 91.239.100.100, 1.1.1.1, 185.222.222.222, 74.82.42.42, 81.3.27.54, 89.233.43.71, 109.69.8.51, 80.67.169.40, 80.80.80.80, 194.187.251.67, 198.101.242.72, 185.95.218.43, 5.9.164.112, 81.3.27.54, 81.3.27.54, 37.235.1.174, 37.235.1.177, 194.8.57.12
it will run for a while… so go a grap a coffee or two.
those are the results:
that 8.8.8.8 has a manipulated google.com ip is pretty unlikely (unless Google’s nameserver was hacked).
pretty good/fast was:
156.154.71.1 | UltraDNS-2 | rdns2.ultradns.net |
81.3.27.54Lightning Wire Labs DNS Service https://dns.lightningwirelabs.com/ | SYS-81.3.27.54 | recursor01.dns.lightningwirelabs.com |
aka ipfire.org
another run of the old (python based) version namebench (let’s call it v1)
here is a backup of the old src: old-source-namebench-v1-python-based.zip
sha512sum: 1f4a8f999e9e652194555b44712a4107197c4b4ae5c447eba022edc82f3f93357b31a5b3cff8e5553ea56780a6c909690588584e5c8bb709285ee17b52ee6554 old-source-namebench-v1-python-based.zip
(via wifi, because namebench was removed from Debian 11, why actually?)
src of new v2 (go based) namebench https://github.com/google/namebench
maybe that’s why… it benches against very strange sites (right wing extremism forums, porn sites, domains with copyright problems…)
u can be sure this is IN NO WAY on one’s browser history, it takes the domain names from a simple alexa top 2000 list:
what nameserver is one’s the GNU Linux system using?
because StarLink / SpaceX has decided to partner with Google:
# those are the starlink dishy's defaults that get handed to every client
cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4
how to manually dig-test dns nameservers:
dig @81.3.27.54 dwaves.de -t A ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> @81.3.27.54 dwaves.de -t A ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33849 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;dwaves.de. IN A ;; ANSWER SECTION: dwaves.de. 7191 IN A 78.46.181.43 ;; Query time: 41 msec ;; SERVER: 81.3.27.54#53(81.3.27.54) ;; WHEN: Mon Jun 21 20:43:39 CEST 2021 ;; MSG SIZE rcvd: 54 # to query the system's or router's default dns nameserver host google.com google.com has address 142.250.185.142 google.com has IPv6 address 2a00:1450:4001:810::200e google.com mail is handled by 40 alt3.aspmx.l.google.com. google.com mail is handled by 50 alt4.aspmx.l.google.com. google.com mail is handled by 20 alt1.aspmx.l.google.com. google.com mail is handled by 30 alt2.aspmx.l.google.com. google.com mail is handled by 10 aspmx.l.google.com.
the problem with this approach is that can not do TLS/SSL encrypted requests, thus some nameservers only accept encrypted requests and might not respond at all.
namebench – FAQ.wiki
What does namebench actually do?
namebench looks for the fastest DNS (Domain Name System) servers accessible to your computer. You can think of a DNS server as a phone book: When you want to dial a company on the phone, you may have to flip through a phone book by name to find their phone number. On the internet, when you want to visit “www.google.com”, a DNS server needs to looks up the correct IP Address for you.
Over the course of loading a single web page, your computer may need to look up a dozen of these addresses. While your internet provider usually automatically assigns you one of their servers to handle looking up these addresses, there may be others that are significantly faster.
namebench finds them.
Will namebench make surfing the web faster?
Yes.
Will namebench make large downloads faster?
Probably not.
While namebench may significantly increase the speed of every day websurfing, it will not increase the speed of large file downloads such as watching movies online. This is because your computer only has to perform DNS lookups to start the download of the movie. Once the download initiates successfully, your download performance is at the mercy of your internet provider.
Can I run namebench while downloading large files?
namebench assumes your connection has a low amount of traffic while it is running. If this is not the case, the results will be less useful.
Running namebench
namebench fails to start on Windows 2000, XP, or Vista
If you get one of the following errors, your system is missing the Microsoft 2008 Visual C++ libraries:
namebench could not be executed.
This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
To fix this, download the package from Microsoft: http://www.microsoft.com/downloads/details.aspx?familyid=A5C84275-3B97-4AB7-A40D-3802B2AF5FC2&displaylang=en‘>Microsoft Visual C++ 2008 SP1 Redistributable Package (x86).
namebench fails to start on Mac OS X 10.4
The default Mac user interface requires Mac OS X 10.5 or higher. As a workaround, you can download the namebench source code, open Terminal.app, and type the following to launch the Tk GUI:
I_LOVE_TK=1 ./namebench.py
What packages do I need for the UI in UNIX?
Without the proper libraries installed, namebench will fall back to the command-line version. If you would like a UI:
- Debian/Ubuntu: sudo apt-get install python-tk
- Fedora: yum install tkinter
- FreeBSD: sudo pkg_add -r py-tkinter
Interacting with namebench
Using the Results
How do you use the DNS servers recommended?
See http://code.google.com/speed/public-dns/docs/using.html
Please note: If this machine is part of a larger internal network, use of an external DNS server may result in not being able to access other machines within the network. This should not affect home use, however.
Why do I get different results each time I run namebench.
The first run is the one that is most likely to be accurate. The more times to run namebench, the more likely you are to be repeating the same queries over and over again. This will skew your results toward the closest nameserver to you, rather than the one most likely to have your requests cached during normal operations.
One work-around to avoid this is to switch between the Alexa dataset and your favorite browser as a history source. As the Alexa dataset is global in scope, it will tend to skew toward nameservers that cache queries from around the world, however.
I run my own nameserver at home, why is it slower?
A nameserver with only a few users is less likely to have as many hostnames in it’s cache as ones with a larger pool of users. While the latency for cached results will be fastest from a DNS server on the same network as the client, this advantage is easily offset if the majority of requests are not able to be fulfilled from cache.
What does “NXDOMAIN hijacking” mean?
It means that the DNS server falsifies the result when a non-existent host is requested. This is usually used so that the DNS provider can place advertising when you make a typo when typing in a URL.
What does “Incorrect result for…” mean?
This means that the DNS server may be falsifying the result for a well known service, and redirecting you to another website. This is usually a very bad thing. This alert may also result in false positives when a website changes to a new network or CNAME.
Other Questions
What do you do with the browser history?
namebench looks up what hostnames your web browser has accessed, and replays the requests for a random selection of hosts to the 11 best DNS servers. Alternatively, you can also use the Alexa Top 10,000 domains as a data source, though the queries will be not be personalized, and the results less accurate as a result.
Are all of the “regional servers” public?
If I do a test run, and it points me at various regional DNS servers, run by ISPs or transit providers, are these servers officially “public”?
No. Many regional nameservers are only available to their direct or indirect customers. The ones that do show up on your list are the ones that do allow recursive lookups to your machine however. Like accessing a web page found on a search engine, it is possible that the DNS server was misconfigured to allow public access, and may disappear at any time.
I run a public nameserver, how do I get added or removed?
http://code.google.com/p/namebench/issues/entry‘>Enter an issue with a list of IP’s to include or exclude.
How do I submit a bug?
See http://code.google.com/p/namebench/issues/list‘>our issue tracker
Where can I discuss namebench?
Visit https://groups.google.com/group/namebench‘>namebench on Google Groups
https://code.google.com/archive/p/namebench/wikis/FAQ.wiki#What_does_
liked this article?
- only together we can create a truly free world
- plz support dwaves to keep it up & running!
- (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
- really really hate advertisement
- contribute: whenever a solution was found, blog about it for others to find!
- talk about, recommend & link to this blog and articles
- thanks to all who contribute!