Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




676 posts

Ultimate Geek


# 240750 24-Sep-2018 11:40
Send private message

I'm looking for some feedback and insights into what DNS servers people are using, and in particular what DNS servers to use in balancing performance vs privacy. 

 

In recent times there has been a number of privacy focused DNS services launched, Quad9 and Cloudfare's offering spring to mind, and to this laymen they look like a good option. BUT I recall historical comments on Geekzone that using these third party DNS services, in particular Google, can bypass any caching your ISP does and potentially impact performance. For example when downloading games from Steam the requests would likely go to Sydney based Steam servers rather than local ISP cache's and consequently impact performance.

 

These comments are probably a few years old if I recall correctly, so was keen to get more up to date thoughts from some of the more informed members as to what DNS servers they use and why? 

 

Personally I'm running Pi-hole at home which is configure to forward DNS requests to the Spark DNS servers (Bigpipe customer). Recent reading has brought Unbound to my attention and the option of configuring Pi-hole as a recursive DNS server. It appears to be a straightforward installation.


Create new topic
704 posts

Ultimate Geek


  # 2095438 24-Sep-2018 12:38
2 people support this post
Send private message

Im running PiHole forwarding to Cloudfare DNS (not yet configured for DNS over HTTPS).

 

Works great. Dont notice any adverse affects at all.

 

Since you're running PiHole why not try an alternative provider and switch back if it doesnt work out for you.


28275 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 2095501 24-Sep-2018 13:42
5 people support this post
Send private message

Using your RSP's DNS servers will always deliver the best end user experience.

 

The days of 3rd party DNS causing issues primararily with CDN content are largely a thing of the past, but can still cause some CDN issues.

 

 


 
 
 
 


15249 posts

Uber Geek

Trusted
Subscriber

  # 2095623 24-Sep-2018 16:25
One person supports this post
Send private message

I use my ISPs DNS servers just so if they have a cache for media we get it locally. Plus it works fine, and I can change to CloudFlare / Google if I need to for any reason - haven't needed to yet though.


289 posts

Ultimate Geek


  # 2095688 24-Sep-2018 17:54
One person supports this post
Send private message

Using Pi Hole configured for CloudFlare first and Google DNS second, general web browsing is noticeably faster now.

1011 posts

Uber Geek

Trusted

  # 2095770 24-Sep-2018 20:04
One person supports this post
Send private message

sbiddle: Using your RSP's DNS servers will always deliver the best end user experience.

 

Maybe sometimes, but not always.

 

 

 

For me the question also includes DNSSec support and privacy. Do I want my ISP to know about every domain that I visit?

 

 

 

PS I also like my PiHole.

 

 

 

 

Edit: smaller image





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.


28275 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 2095811 24-Sep-2018 20:59
8 people support this post
Send private message

IcI:

 

Do I want my ISP to know about every domain that I visit?

 

 

Your ISP really couldn't care less.

 

 

 

 


5412 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2095812 24-Sep-2018 21:01
One person supports this post
Send private message

sbiddle:

IcI:


Do I want my ISP to know about every domain that I visit?



Your ISP really couldn't care less.


 


 



I reckon,

John

 
 
 
 


Linux Systems Admin
1123 posts

Uber Geek

Trusted
Integrity Tech Solutions
Subscriber

  # 2103050 7-Oct-2018 21:48
2 people support this post
Send private message

IcI:

 

For me the question also includes DNSSec support and privacy. Do I want my ISP to know about every domain that I visit?

 

 

DNSSEC does not offer privacy!

 

In very simple terms it's a mechanism to assure the returned response from a DNS server is authentic.

 

Secondly, I work for an ISP and I absolutely, totally and unquestionably do not monitor nor care what you are looking at on the internet. 

 

Here is what I do care about-

 

1. Developing new services and improving existing ones

 

2. Updating server software

 

3. Keeping an eye on server health and operation

 

4. Responding to escalated requests

 

5. Obtaining new SSL certs (a lot of that lately) and renewing existing ones.

 

6. Advising and implementing non-standard customer service configs.





Integrity Tech Solutions @ Norsewood, New Zealand


Linux Systems Admin
1123 posts

Uber Geek

Trusted
Integrity Tech Solutions
Subscriber

  # 2103051 7-Oct-2018 21:52
Send private message

PANiCnz:

 

BUT I recall historical comments on Geekzone that using these third party DNS services, in particular Google, can bypass any caching your ISP does and potentially impact performance. For example when downloading games from Steam the requests would likely go to Sydney based Steam servers rather than local ISP cache's and consequently impact performance.

 

 

All the caching DNS servers I have ever deployed all respect source TTL - ie: do not override what the authorative DNS server has the record set at.

 

But these days it's quite common to set short TTL's - 5 minutes or less. GeoDNS and high availability deployments commonly.





Integrity Tech Solutions @ Norsewood, New Zealand


Mr Snotty
8880 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2103053 7-Oct-2018 22:12
Send private message

I'm using Pi-Hole with Cloudflare DNS over HTTPS. Works incredibly well.

 

As a side-note - as I've said multiple times. If you're using a DNS-based ad-blocker then consider a subscription on Geekzone too if you get value out of it.





1011 posts

Uber Geek

Trusted

  # 2103066 7-Oct-2018 23:44
One person supports this post
Send private message

MichaelNZ:

 

IcI:

 

For me the question also includes DNSSec support and privacy. Do I want my ISP to know about every domain that I visit?

 

 

DNSSEC does not offer privacy!

 

In very simple terms it's a mechanism to assure the returned response from a DNS server is authentic.

 

Secondly, I work for an ISP and I absolutely, totally and unquestionably do not monitor nor care what you are looking at on the internet. 

 

 

You are correct with your statements. They are separate issues and I could have worded my post better. The ISP comment only applies to the privacy part of the first sentence.

 

Please note that while YOU as an ISP only care about what you listed, there are other ISPs that do want that extra info for whatever money or legal reasons they quote as applicable.





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.


2525 posts

Uber Geek

Trusted
Subscriber

  # 2103069 8-Oct-2018 00:22
Send private message

sbiddle:

 

IcI:

 

Do I want my ISP to know about every domain that I visit?

 

 

Your ISP really couldn't care less.

 

 

Mine could....

 

But I am in the UAE undecided


525 posts

Ultimate Geek

Trusted

  # 2103072 8-Oct-2018 07:00
One person supports this post
Send private message

sbiddle:

 

IcI:

 

Do I want my ISP to know about every domain that I visit?

 

 

Your ISP really couldn't care less.

 

 

 

 

As someone who has built more than one set of ISP's DNS servers I wholeheartedly second this, ISP's in NZ as a general rule log nothing but errors on their DNS servers.


227 posts

Master Geek


  # 2105818 10-Oct-2018 18:13
One person supports this post
Send private message

Cloudflare are much more trustworthy than any ISP IMO. I can't think of a company that does more for internet privacy.


Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Arlo unveils its first video doorbell
Posted 21-Oct-2019 08:27


New Zealand students shortlisted for James Dyson Award
Posted 21-Oct-2019 08:18


Norton LifeLock Launches Norton 360
Posted 21-Oct-2019 08:11


Microsoft New Zealand Partner Awards results
Posted 18-Oct-2019 10:18


Logitech introduces new Made for Google keyboard and mouse devices
Posted 16-Oct-2019 13:36


MATTR launches to accelerate decentralised identity
Posted 16-Oct-2019 10:28


Vodafone X-Squad powers up for customers
Posted 16-Oct-2019 08:15


D Link ANZ launches EXO Smart Mesh Wi Fi Routers with McAfee protection
Posted 15-Oct-2019 11:31


Major Japanese retailer partners with smart New Zealand technology IMAGR
Posted 14-Oct-2019 10:29


Ola pioneers one-time passcode feature to fight rideshare fraud
Posted 14-Oct-2019 10:24


Spark Sport new home of NZC matches from 2020
Posted 10-Oct-2019 09:59


Meet Nola, Noel Leeming's new digital employee
Posted 4-Oct-2019 08:07


Registrations for Sprout Accelerator open for 2020 season
Posted 4-Oct-2019 08:02


Teletrac Navman welcomes AI tech leader Jens Meggers as new President
Posted 4-Oct-2019 07:41


Vodafone makes voice of 4G (VoLTE) official
Posted 4-Oct-2019 07:36



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.