http://matasanochargen.disqus.com/enMon, 17 Jul 2006 17:33:18 -0000http://www.matasano.com/log/363/third-party-dns-caches-considered-a-blog-post/#comment-2319976i normally use pch or ultradns for 3rd party, since they both employ anycast. more and more dns servers are shutting off recursion because of <a href="http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/att-0638/dnos.c" rel="nofollow">http://www.derkeiler.com/Mailing-Lists/Full-Dis...</a><br>and similar tools/attacks. not to mention dns pollution (i could say something here about dislike for a certain tcp/ip blackops "expert", but i think i'll leave it alone for now).<br><br><a href="http://www.bleedingsnort.com/blackhole-dns/" rel="nofollow">http://www.bleedingsnort.com/blackhole-dns/</a> can be added to any third-party nameserver, so i wonder what improvements opendns have for their anti-phishing component. the mistyped domain names component is really weird and a bad idea to me. i'd like to see statistics on that first.<br><br>speaking of which - if internet measurement were beautiful women, both nsping and ntpq would be "perfect 10's" even if they are badly coded. pathchar would be a 9. sexchart-pathchar would be mixing metaphors, and is thus, disqualified.dreMon, 17 Jul 2006 17:33:18 -0000http://www.matasano.com/log/363/third-party-dns-caches-considered-a-blog-post/#comment-2319975Great post Thomas. nsping looks awesome. I have zero c skills, otherwise I'd try to port it to my linux box. :) Time to download FreeBSD maybe. heh.tylerFri, 14 Jul 2006 10:31:37 -0000http://www.matasano.com/log/363/third-party-dns-caches-considered-a-blog-post/#comment-2319974That's "blog AT matasano DOT com". Sorry.Thomas PtacekThu, 13 Jul 2006 11:00:42 -0000http://www.matasano.com/log/363/third-party-dns-caches-considered-a-blog-post/#comment-2319973I'm happy to talk offline.<br><br>I want to be clear, I think that there is value you can provide from the vantage point of "third-party aftermarket DNS cache". I just don't believe that you've found it.<br><br>In a sense, Eric Rescorla's point is better than mine: he (smartly) concedes that your cache can be faster, and then disputes that it will make a difference to my mom.<br><br>I'm being a bit of a twit and claiming that you're not even faster, which is just kind of mean and not as productive as Eric's comment.<br><br>Things that sound fun to me:<br><br>- A discussion on how to test the performance of DNS caches.<br><br>- A discussion of the architecture of DNS caches.<br><br>What software are you using? <br><br>You can catch me in email at &lt;blog&gt;. I'll keep responding here too.&lt;/blog&gt;Thomas PtacekThu, 13 Jul 2006 10:59:27 -0000http://www.matasano.com/log/363/third-party-dns-caches-considered-a-blog-post/#comment-2319972Thomas,<br><br>Happy to do so. I'm probably not going to be able to find time to sit down and do this until the weekend or maybe late tonight (PST).<br><br>I also want to check out nsping, never heard of it before. We've used netperf from Rick Jones and queryperf for some testing along with a host of other tools. Are we going to check from our location to host's ns caches or find a way to be on their networks?<br><br>There's no question that some ISPs run better resolvers than others. There definitely does seem to be a surprising number of crappy ISPs out there though. Personally, I'm a big speakeasy fan, and wouldn't be surprised if they're one to get things pretty right. Let's find out. Want to take the details to email and post them here once we figure it out or just keep going back and forth here?<br><br>Email's a bit more real-time for me. <br><br>-davidDavid UlevitchThu, 13 Jul 2006 10:18:02 -0000http://www.matasano.com/log/363/third-party-dns-caches-considered-a-blog-post/#comment-2319971PS: Let's agree on a methodology and test from a number of ISPs.Thomas PtacekThu, 13 Jul 2006 01:33:59 -0000http://www.matasano.com/log/363/third-party-dns-caches-considered-a-blog-post/#comment-2319970Thanks for responding. This should be fun, because both of us know what latency means, what cache size means, and what churn rate is.<br><br>I just tested and I see a 12ms average difference between random SPEAKEASY.NET names and random GOOGLE.COM names from my ISP's cache, and a 40ms average difference between random OPENDNS.COM names and random GOOGLE.COM names from 208.67.222.222.<br><br>That is, _RANDOM_.SPEAKEASY.NET takes N milliseconds, and _RANDOM_.GOOGLE.COM takes N+12 ms locally. Meanwhile, _RANDOM_.OPENDNS.COM takes N and _RANDOM_.GOOGLE.COM takes N+40 from your server.<br><br>A test run is 50 samples.<br><br>Can Speakeasy look up a Google name almost 4 times faster than OpenDNS?Thomas PtacekThu, 13 Jul 2006 01:32:52 -0000http://www.matasano.com/log/363/third-party-dns-caches-considered-a-blog-post/#comment-2319969Thomas,<br><br>Lies, damn lies and statistics. ;-) I could prove the exact opposite with my own statistics.<br><br>There are lots of variables involved including latency to our machines and latency of your machines to the internet, size of your caches, churn rate, etc.<br><br>That said, let's see where you are and why we are slower. Can you provide a traceroute to 208.67.222.222?<br><br>And yes, our designer does rock. We feed him lots of <a href="http://www.burritophile.com/" rel="nofollow">burritos</a> to keep him happy.DavidThu, 13 Jul 2006 01:19:19 -0000