CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)
Greetings Team,

Has anyone deployed the aforementioned in your individual networks? A quick test suggests it is quite fast compared with Google's D.N.S. resolvers:

    C:\Users\bullutm>ping 1.1.1.1

    Pinging 1.1.1.1 with 32 bytes of data:
    Reply from 1.1.1.1: bytes=32 time=3ms TTL=61
    Reply from 1.1.1.1: bytes=32 time=4ms TTL=61
    Reply from 1.1.1.1: bytes=32 time=8ms TTL=61
    Reply from 1.1.1.1: bytes=32 time=4ms TTL=61

    Ping statistics for 1.1.1.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 3ms, Maximum = 8ms, Average = 4ms

    C:\Users\bullutm>

    -------

    C:\Users\bullutm>tracert 1.1.1.1

    Tracing route to one.one.one.one [1.1.1.1]
    over a maximum of 30 hops:

      1     4 ms     3 ms     4 ms  10.101.129.254
      2     6 ms    20 ms     7 ms  10.98.0.165
      3     7 ms    13 ms    15 ms  10.98.0.233
      4     7 ms     5 ms     4 ms  one.one.one.one [1.1.1.1]

    Trace complete.

    C:\Users\bullutm>

Warm regards,

Michael Bullut.

---
Cell: +254 723 393 114.
Skype Name: Michael Bullut.
Twitter: @Kipsang <http://twitter.com/Kipsang/>
Blog: http://www.kipsang.com/
E-mail: main@kipsang.com
---
Do note that ping response times are not a good indicator of DNS performance.

On Wed, Sep 26, 2018, 3:48 AM Michael Bullut <main@kipsang.com> wrote:
Greetings Team,
Has anyone deployed the aforementioned in your individual networks? A quick test suggests it is quite fast compared with Google's D.N.S. resolvers:
Hi Ross,

How would you gauge good DNS performance?

Warm regards,

Michael.

On Wed, 26 Sep 2018 at 10:50, Ross Tajvar <ross@tajvar.io> wrote:
Do note that ping response times are not a good indicator of DNS performance.
Also could use RIPE Atlas.

Colin
On 26 Sep 2018, at 09:15, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
On Wed, Sep 26, 2018 at 10:59:02AM +0300, Michael Bullut <main@kipsang.com> wrote a message of 192 lines which said:
How would you gauge good DNS performance?
To test {XXX} performance, you use a {XXX} client, where XXX = DNS, HTTP, SSH, LDAP, etc.
Jens Link <lists@quux.de> wrote:
    jens@screen:~$ dig nanog.org @8.8.8.8 | grep "Query time"
    ;; Query time: 16 msec
    jens@screen:~$ dig nanog.org @1.1.1.1 | grep "Query time"
    ;; Query time: 3 msec

You can use dig -u to get microsecond resolution, e.g.

    $ dig -u @131.111.8.42 nanog.org | grep time:
    ;; Query time: 611 usec

Tony.
--
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
work to the benefit of all
In article <87in2sy5eh.fsf@pc8.berlin.quux.de> you write:
quick and dirty:
    jens@screen:~$ dig nanog.org @8.8.8.8 | grep "Query time"
    ;; Query time: 16 msec
    jens@screen:~$ dig nanog.org @1.1.1.1 | grep "Query time"
    ;; Query time: 3 msec

Yeah, that's super reliable:

    $ drill nanog.org @1.1.1.1 | grep "Query time"
    ;; Query time: 31 msec
    $ drill nanog.org @1.1.1.1 | grep "Query time"
    ;; Query time: 18 msec
For Windows clients, you might want to try out this freeware GRC tool for benchmarking DNS performance:

https://www.grc.com/dns/benchmark.htm

Cheers

--
Yonatan (Yoni) Radzin
yradzin@gmail.com
On Sep 26, 2018, at 3:59 AM, Michael Bullut <main@kipsang.com> wrote:
Hi Ross,
How would you gauge good DNS performance?
+1 for Yoni's recommendation of DNS Benchmark (Windows only).

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Sep 26, 2018 at 9:03 AM, Yoni Radzin <yradzin@gmail.com> wrote:
For Windows clients, you might want to try out this freeware GRC tool for benchmarking DNS performance:
https://www.grc.com/dns/benchmark.htm
On Wed, Sep 26, 2018 at 10:52:07AM +0300, Michael Bullut <main@kipsang.com> wrote a message of 162 lines which said:
Has anyone deployed the aforementioned in your individual networks? A quick test suggests it is quite fast compared with Google's D.N.S. resolvers:
Well, you don't test a DNS service with ICMP echo, for reasons you certainly know. Also, do not compare only public resolvers between themselves, also compare with a local resolver (always the closest from the clients).
I recommend that eyeball networks don't run any external recursive server for optimal CDN performance. Yes, some CDNs support other methods, but not all. If not all do, then the requirement remains.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

----- Original Message -----
From: "Michael Bullut" <main@kipsang.com>
To: nanog@nanog.org
Sent: Wednesday, September 26, 2018 2:52:07 AM
Subject: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

Greetings Team,

Has anyone deployed the aforementioned in your individual networks? A quick test suggests it is quite fast compared with Google's D.N.S. resolvers:
* nanog@ics-il.net (Mike Hammett) [Wed 26 Sep 2018, 13:14 CEST]:
I recommend that eyeball networks don't run any external recursive server for optimal CDN performance. Yes, some CDNs support other methods, but not all. If not all do, then the requirement remains.
+1

https://blog.powerdns.com/2018/09/04/on-firefox-moving-dns-to-a-third-party/

-- Niels.
Seems like a good reason to not use Firefox.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

----- Original Message -----
From: niels=nanog@bakker.net
To: nanog@nanog.org
Sent: Wednesday, September 26, 2018 6:34:44 AM
Subject: Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

* nanog@ics-il.net (Mike Hammett) [Wed 26 Sep 2018, 13:14 CEST]:
I recommend that eyeball networks don't run any external recursive server for optimal CDN performance. Yes, some CDNs support other methods, but not all. If not all do, then the requirement remains.
+1

https://blog.powerdns.com/2018/09/04/on-firefox-moving-dns-to-a-third-party/

-- Niels.
On Wed, 26 Sep 2018 10:52:07 +0300, Michael Bullut said:
Has anyone deployed the aforementioned in your individual networks? A quick test suggests it is quite fast compared with Google's D.N.S. resolvers:
    Reply from 1.1.1.1: bytes=32 time=3ms TTL=61

3ms indicates you're hitting an instance that is fairly close by, network-wise.

Looking at your traceroute:

    3 7 ms 13 ms 15 ms 10.98.0.233
    4 7 ms 5 ms 4 ms one.one.one.one [1.1.1.1]

The instance is apparently on the same subnet as your CGN exit point. As such, unless CloudFlare is deploying a *lot* of anycast instances, most people are not going to have the joyous experience you have.

From my desktop, 1.1.1.1 is 7 network hops away, compared to 8.8.8.8's 10 hops, but the extra 3 hops inside AS15169 probably don't leave the building, and may not even leave the rack. Both are right around 6.9ms away - while *our* network presence there is 4 hops and also 6.9ms away and traceroute is showing jitter larger than the difference between our router and either DNS service...
valdis.kletnieks@vt.edu wrote on 9/26/2018 1:44 PM:
On Wed, 26 Sep 2018 10:52:07 +0300, Michael Bullut said:
Has anyone deployed the aforementioned in your individual networks? A quick test suggests it is quite fast compared with Google's D.N.S. resolvers:

    Reply from 1.1.1.1: bytes=32 time=3ms TTL=61

3ms indicates you're hitting an instance that is fairly close by, network-wise.
Looking at your traceroute:
    3 7 ms 13 ms 15 ms 10.98.0.233
    4 7 ms 5 ms 4 ms one.one.one.one [1.1.1.1]
The instance is apparently on the same subnet as your CGN exit point. As such, unless CloudFlare is deploying a *lot* of anycast instances, most people are not going to have the joyous experience you have.
From my desktop, 1.1.1.1 is 7 network hops away, compared to 8.8.8.8's 10 hops, but the extra 3 hops inside AS15169 probably don't leave the building, and may not even leave the rack. Both are right around 6.9ms away - while *our* network presence there is 4 hops and also 6.9ms away and traceroute is showing jitter larger than the difference between our router and either DNS service...
I'm not a proponent of using 1.1.1.1, but CloudFlare does have a good CDN:

    Pinging 1.1.1.1 with 32 bytes of data:
    Reply from 1.1.1.1: bytes=32 time<1ms TTL=58
    Reply from 1.1.1.1: bytes=32 time<1ms TTL=58
    Reply from 1.1.1.1: bytes=32 time<1ms TTL=58
    Reply from 1.1.1.1: bytes=32 time<1ms TTL=58

    Tracing route to one.one.one.one [1.1.1.1]
    over a maximum of 30 hops:

      1    <1 ms    <1 ms    <1 ms  xxxx
      2    <1 ms    <1 ms    <1 ms  xxxx
      3    <1 ms    <1 ms    <1 ms  xxxx
      4     1 ms     1 ms     1 ms  209.152.151.8
      5     1 ms     1 ms     1 ms  38.140.136.177
      6     1 ms    <1 ms    <1 ms  38.140.136.74
      7    <1 ms    <1 ms    <1 ms  one.one.one.one [1.1.1.1]

    Trace complete.

    dig @1.1.1.1 cloudflare.com | grep 'Query time'
    ;; Query time: 1 msec

    dig @1.1.1.1 nanog.org | grep 'Query time'
    ;; Query time: 28 msec
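An added example, not written by any poster in this thread: one way to follow the replies' advice by timing real DNS queries instead of ICMP echo, taking several samples per resolver, and separating cached names from names unlikely to be cached. The function names, the `example.com` test zone and the sample count are assumptions chosen for illustration.

```python
import os, socket, statistics, struct, time

def build_query(name, qtype=1):
    """Encode a minimal DNS query (RD=1, class IN); returns (txid, packet)."""
    txid = int.from_bytes(os.urandom(2), "big")
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)

def time_query(resolver, name, timeout=2.0):
    """Round-trip time in ms for one UDP query, or None on timeout/mismatch."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        try:
            s.sendto(packet, (resolver, 53))
            reply, _ = s.recvfrom(4096)
        except OSError:
            return None
        elapsed = (time.perf_counter() - start) * 1000
    # Accept the sample only if the reply carries our transaction ID.
    return elapsed if reply[:2] == packet[:2] else None

def summarize(samples):
    """Median, max and loss count; one sample alone says little."""
    ok = sorted(s for s in samples if s is not None)
    if not ok:
        return {"n": 0, "lost": len(samples)}
    return {"n": len(ok), "lost": len(samples) - len(ok),
            "median": statistics.median(ok), "max": ok[-1]}

def benchmark(resolver, zone, rounds=10, query=time_query):
    """Warm-cache timings for `zone` vs. random labels unlikely to be cached."""
    query(resolver, zone)  # prime the cache; this sample is discarded
    warm = [query(resolver, zone) for _ in range(rounds)]
    cold = [query(resolver, f"{os.urandom(4).hex()}.{zone}")
            for _ in range(rounds)]
    return {"warm": summarize(warm), "cold": summarize(cold)}

if __name__ == "__main__":
    # Assumed resolver list; add your local resolver for comparison.
    for r in ("1.1.1.1", "8.8.8.8"):
        print(r, benchmark(r, "example.com"))
```
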