How do I select DNS Servers for Geographic/Supplier Diversity ?

[Alan_B]

I need to choose some better DNS Servers and this tool is very useful

http://www.grc.com/dns/benchmark.htm

 

It tests a large number of Servers and sorts them in order of speed

It shows the fastest is IP address 62.24.128.18, owned by "Opal Telecom" with Reverser DNS of "gdns-2.opaltelecom.net"

That will be OK for my primary DNS

My ISP is TALKTALK and they own 62.24.128.17 which is almost as fast, and its Reverse DNS is "gdns-1.opaltelecom.net".

 

I strongly fear that whatever disaster takes out my Primary DNS would also take out the TalkTalk DNS,

e.g. Not much point in having separate backup diesel generators if they share the same tank of diesel fuel.

 

I would like to select Secondary DNS which might continue to work for me if/when the Primary DNS suffers an Internet failure,

or dies or goes up in a puff of smoke or suffers an FBI takedown or goes bankrupt.

 

I would like to know the geographic locations of all servers so that I can select a pair that are remote from each other.

Accurate Latitude and Longitude would be nice.

(Some sites look at my IP address and say where I live - and they miss by 170 miles)

 

Your advice would be appreciated.

 

N.B.

Some years ago a significant break in the U.K. phone system caused significant disruption to the Internet.for many of us.

For those of us that used Talk Talk for both Primary and Secondary DNS servers this was a major disaster

because the location of the internet break separated all their DNS servers from the users.

I switched to Google Primary and OpenDNS Secondary Servers.

This last week when I "PING" the site Forum.Priform I got a response even when it was down,

because OpenDNS lies and switches me to an OpenDNS advert server.

I no longer use OpenDNS and am now selecting what is TRUE and reliable and fastest.

[Andavari]

Have you considered using Comodo Secure DNS? Although, when this forum was giving me DNS issues I must say I don't like Comodo's search page when it can't find a page/site.

[Jamin4u]

This is also a useful tool from grc.com to help one choose. The fastest servers may not be the safest.

 

https://www.grc.com/dns/dns.htm

[Winapp2.ini]

Thanks for these tools. I switched off of OpenDNS too.

[hazelnut]

I too used opendns (last year I think) but gave up with it.

 

I was with TalkTalk like Alan but hated the ads they show when getting 404's etc so had switched to opendns.

 

I am now with British Telecom (fiber optic) and will stick with their servers as they've been okay so far. In fact I have had very few problems accessing the forum this past week.

 

For those readers here who are unsure about what DNS actually is and what to be able to read something which explains it in easy to read format, here you go

 

http://www.labnol.or...er-speed/18988/

[Alan_B]

I have now settled on my DNS servers after repeated runs with

http://www.grc.com/dns/benchmark.htm

Each of the top fastest 3 results had an average response of 24 mSec

 

I eventually tracked down a site that converts an IP address to Latitude and Longitude and shows a map and gives information on the ownership

https://ipdb.at/ip/

I converted Lat/Long coordinates into locations that mean something to me by using

https://maps.google.co.uk/

 

Unfortunately all three severs were located at the exact same place

30 Pasture Rd, Yorkshire Dales National Park, Embsay, Skipton, North Yorkshire BD23 6PN

 

For the sake of Geolocation diversity I chose only one of the three as my Primary,

and dropped down to a server with a response of 31 mSec for my Secondary DNS

I now know that is located at

Harbour Exchange NOC Server Network @ Westminster Bridge, London.

 

Primary to the East and Secondary to the South

I do not need much more diversity than that.

 

This is also a useful tool from grc.com to help one choose. The fastest servers may not be the safest.

 

https://www.grc.com/dns/dns.htm

Thanks

I was aware of that yesterday but had decided it was not relevant.

You made me reconsider and I am happy to say that both my chosen sites have excellent resistance against spoofing,

other wise I would have tried alternatives.

 

Regards

Alan

[eL_PuSHeR]

DNSBench hangs on my machine with an appcrash exception at the "verifying internet access" stage. I am already using OpenDNS.

 

I am using Win7 x64.

[Alan_B]

I too use Wn7 x64

I suggest you try

http://www.grc.com/dns/benchmark.htm

 

Your DNSBench is something I have not tried.

[eL_PuSHeR]

It's the same program, unless I am mistaken.

[Alan_B]

Sorry, I had forgotten the name of the executable that I had clicked,

so I searched the Internet and found

http://www.dnsbench.com/

 

Is it possible that you have a security restriction that prevents non-authorised connection to the Internet ?

UAC strikes again

 

NB

The first utility I tested was

https://code.google.com/p/namebench/

It was useless and deplorable.

It is 30 times the size of the grc.com product,

badly designed, and unusable on my machine.

When launched then (as I anticipated) it does not execute but unpacks itself,

but I was disgusted that it did so without any option of destination or even saying where it would unpack to.

I think I remember that I found it had dumped its load into %TEMP%

When I ran what it dumped then it refused to obey because Internet Explorer was not available.

 

It seems to me that the developer should NOT hard-code his product to depend upon a Browser that :-

Microsoft are now obliged to permit the user to exclude,

and which people reject because of its vulnerabilities such as Active'X.

 

The developer should have accepted whatever "Default Browser" was installed.

I noticed that the downloads were listed as

namebench-1.3.1-Mac_OS_X.dmg

namebench-1.3.1-Windows.exe

namebench-1.3.1-source.tgz

I wonder if the users of Mac_OS_X have to run Internet Explorer

[eL_PuSHeR]

Nope. I have UAC disabled.

 

I have to check it either from "safe mode" or from WinXP.

[Alan_B]

I too have UAC disabled

 

I have DNSBENCH.EXE version.

 

When I select the file properties I see it is version 1.2.3925.0

 

When I select Digital Signatures and click Details,

then after a while it reports "This digital signature is correct",

which I understand means that SHA1 hash checksum computation has validated its freedom from corruption.

It was signed 30 September 2010 23:58:45

 

SUGGESTION :-

If the window remains open after it has attempted "verifying internet access",

then if you right click on the title bar of the window you get a monster context menu,

in the centre of which is

Re-Verify Internet Connectivity.

[eL_PuSHeR]

It just crashes to desktop with an APPCRASH exception.

 

EDIT: It works for me using a BARTPE CD.

 

Still using OpenDNS, though. I have a concern with security rather than raw speed.