  StreetSpirit Premium join:2002-08-13 Roslyn, NY
·Optimum Online
·Verizon Online DSL
1 edit | reply to MxxCon Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.
MxxCon, I did not try using the nameservers outright but immediately integrated them as forwarders. To be honest, I wasn't happy with OpenDNS performance as forwarders. I was thinking perhaps if I removed Treewalk but didn't have the time.
I commented them out about a week after I wrote this.
I was also seeing difficulty resolving sites. Perhaps if one uses them simply as DNS servers, PowerDNS would perform better, but I didn't like the performance when using them as forwarders.
Guess not. Go figure  Dave |
|
  MxxCon
join:1999-11-19 Brooklyn, NY clubs:  
| reply to StreetSpirit i've switched to opendns from treewalk after your article and lately i noticed that about 50% of page views, especially with multiple elements stall forcing me to do refresh to get things going again...  the moment i switched to treewalk everything is smooth and fast again. i reconfigured treewalk to use opendns as forwarder, will see how it goes. -- [Sig removed by Administrator: Signature can not exceed 20GB] |
|
  Dryvlyne Far Beyond Driven Premium join:2004-08-30 Newark, OH 2 edits | reply to RickNY /EDIT Nevermind
--
In relative terms life is shorter than the blink of an eye. Remember that each and every day because in the end it's not about what you've done but how you've lived.
|
|
  StreetSpirit Premium join:2002-08-13 Roslyn, NY
·Optimum Online
·Verizon Online DSL
| reply to M A R K I'm glad that it's working out for you. I also thank everyone who's thanked me in public or private.
A forum member clued me in to another OpenDNS thread in progress which might be of interest: »Excellent article about using OpenDNS vs ISP DNS - The thread references a NewsForge Article on the same subject.
Respectfully, David |
|
  M A R K Premium join:2001-06-15 Long Island clubs: | reply to StreetSpirit Without exaggeration, I'm seeing 50% faster page loads. Sites like MySpace and CNN and other news sites would take so long to load for me, all issues are GONE! -- Zionism is a hate crime |
|
  RickNY Premium join:2000-11-02 New York
| reply to StreetSpirit On my Linksys router, I actually pointed the Static DNS 3 entry to a non-existent IP on my LAN because I was unsure of the methodology that DD-WRT was using to select out of the 3 entries -- and I found it was picking the OOL one more often than not. Since I want to use OpenDNS' phishing and spelling protection, I needed to make sure the OOL DNS wasn't utilized. If you leave the 3rd one empty on the Static DNS entry of the Linksys, it replaces the 3rd entry with the 3rd DNS server obtained via DHCP.
Even though I am running Treewalk with OpenDNS as forwarders on my desktop PC, I set the Linksys router up with the OpenDNS entries because I also utilize the router as a SOCKS proxy via SSH from work, and have DNS done through the SOCKS proxy -- so in my case I also wanted the router to have it go to OpenDNS as well. |
|
  StreetSpirit Premium join:2002-08-13 Roslyn, NY
·Optimum Online
·Verizon Online DSL
| reply to StreetSpirit Re: [OOL] [Guide] ANALYZING DNS SERVERS ONLINE
Here are some DNS Servers to switch to in a pinch - although I do not support using servers from another ISP, not specifically designated as free-access DNS servers, as you're causing load and interfering with legitimate users of the ISP/service
I was asked to post this anyway even with ethical reservations.
Therefore, Lex Luthor, if this violates the spirit of the forum, as it well may, please remove this particular message. Thanks.
• Speakeasy non ip range restricted nearby servers:
216.231.41.2 (Washington DC - probably)
216.254.95.2 (NY, Massachusetts and Pennsylvania)
64.81.159.2 (Baltimore and Washington DC)
66.92.64.2 (Boston, Massachusetts)
66.92.224.2 (Philadelphia)
66.92.159.2 (Washington DC)
-- Regards, Dave |
|
  andvari
join:2003-05-21 Freehold, NJ
| reply to StreetSpirit Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.
Thanks, informative as always, Dave.
I am currently running BIND on my home network, and because of your research I've added the forwarder you recommended.
Since I am now running a few domains hosted on my home machines (thanks to Boost) I have set up zone files for these domains so I can access these by domain name from my private network. The alternative I have is to configure my firewall to supply the OpenDNS names and use the firewall's DNS doctoring feature to supply the internal address instead of the external address for these domains.
I am wondering if you think there is any advantage/disadvantage to either setup? |
|
  StreetSpirit Premium join:2002-08-13 Roslyn, NY
·Optimum Online
·Verizon Online DSL
| reply to StreetSpirit Re: [OOL] [Guide] ANALYZING DNS SERVERS ONLINE
Here's a great tool which can help you judge the DNS server by commonly recognized criteria, tested on the fly.
• Visit »www.dnsreport.com/ and enter the server to be tested, or simply plug your server and domain as below
• Alternate Method: Examine this URL. Notice the two changeable parameters accepted by the dnsreport.ch script:
http://www.dnsreport.com/tools/dnsreport.ch?domain=dslreports.com&server=208.67.222.222
domain=somedomain.tld -and- server=x.x.x.x (a DNS server to be tested)
So say we want to test 167.206.3.207 and have it look up the domain dslreports.com - we would use a line like this:
http://www.dnsreport.com/tools/dnsreport.ch?domain=dslreports.com&server=167.206.3.207
Enjoy, wonderful tool imo.
-- Regards, Dave |
|
  StreetSpirit Premium join:2002-08-13 Roslyn, NY
·Optimum Online
·Verizon Online DSL
| reply to nypix Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.
said by nypix :
My peerguardian 2 doesn't seem to be picking up after installing treewalk. I haven't followed the rest of your guide yet but all I want is better DNS response.

That's simple enough. If you're using a router, no router, Windows, Linux, or even a smart phone, visit »www.opendns.com/start/at_home.php to get instructions. For example, say you have Windows XP without a router, view the page »www.opendns.com/start/windows_xp.php in that case for screen captures and detailed instructions on using PowerDNS.
Essentially you will be changing your DNS at your router or PC to 208.67.222.222 and 208.67.220.220.
Hope this helps.
Remember you can choose any other two "tier-2" DNS servers (tier 2 means those who reply to clients.)
My next message will include a method to TEST dns servers and a few tier-2 servers which can be accessed by us.
Good luck. |
|
  StreetSpirit Premium join:2002-08-13 Roslyn, NY
·Optimum Online
·Verizon Online DSL
| reply to Ken Peterson I doubt it Ken, you seem like you have all the bases covered.
You might want to try adding the forwards, but it can only add redundancy (and perhaps confusion). Bind and Treewalk do a fine job on their own in minimizing latency by employing smart caching.
I guess what I'm trying to say, if it works, don't fix it
If you do decide to add the forwarders, PLEASE visit the site and make yourself an account, then disable their URL spelling correction and phishing protection.
Good luck! I can't say you'd see much benefit. Wanna be sure? Run Gibson's DNSRU.exe utility (hold down the shift key) to time your current DNS response (zap the cache first). Afterwards, shut down the service, zap the cache again and run DNSRU with the forwarders. See if there's ANY benefit in the local resolves.
Another thought.. My particular router allows me to specify several DNS servers, not being limited to two. I use several quick conventional DNS servers and the PowerDNS resolvers as part of my router's DNS list.
I have exactly the same setup as yours- Treewalk running on the network (say 192.168.0.2), PCs on the network have an entry pointing to the network-exposed BIND. ACLs prevent the server from accepting any connections outside the lan. The second DNS entry points to my router with the same setup on the PC running BIND.
Good luck, hope these musings help  Dave |
|
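The setup described in the post above (BIND/Treewalk exposed on the LAN at an address like 192.168.0.2, ACLs refusing anything outside the LAN, OpenDNS as forwarders) can be checked mechanically. The following Python check is an added example, not part of the original post or of Treewalk; the sample configs are constructed, and the 192.168.0.0/24 LAN range, the `lan` ACL name and the function names are assumptions.

```python
import re

LOOPBACK = {"127.0.0.1", "::1", "localhost", "none"}

# Constructed sample configs; the 192.168.0.0/24 LAN range is an assumption.
WEAK = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.2; };
    forwarders { 208.67.222.222; 208.67.220.220; };
};
controls { inet * port 953 allow { any; } keys { "rndc-key"; }; };
"""
HARDENED = """
acl lan { 127.0.0.1; 192.168.0.0/24; };
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.2; };   // LAN-facing resolver
    allow-query     { lan; };
    allow-recursion { lan; };
    forwarders { 208.67.222.222; 208.67.220.220; };
};
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
"""

def _items(body):
    """Split the inside of a { a; b; } list into its elements."""
    return [x.strip() for x in body.split(";") if x.strip()]

def audit(conf):
    """Return findings for a named.conf given as text (regex heuristic, not a full parser)."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    findings = []
    m = re.search(r"\blisten-on\s+(?:port\s+\d+\s+)?\{([^}]*)\}", conf)
    listen = _items(m.group(1)) if m else ["any"]     # no listen-on: all interfaces
    exposed = [a for a in listen if a not in LOOPBACK]
    acls = [re.search(r"\b%s\s*\{([^}]*)\}" % opt, conf)
            for opt in ("allow-query", "allow-recursion")]
    if exposed and not any(m and "any" not in _items(m.group(1)) for m in acls):
        findings.append("listening on %s with no allow-query/allow-recursion ACL"
                        % ", ".join(exposed))
    m = re.search(r"\binet\s+(\S+)(?:\s+port\s+\d+)?\s+allow\s*\{([^}]*)\}", conf)
    if m and (m.group(1) not in LOOPBACK or set(_items(m.group(2))) - LOOPBACK):
        findings.append("rndc control channel not limited to loopback")
    return findings
```

`audit(WEAK)` reports both the missing client ACL and the exposed control channel; `audit(HARDENED)` returns an empty list.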
  Ken Peterson Premium join:2000-12-08
| reply to StreetSpirit I have a PC that runs 24/7 set up statically on my home LAN and it's running Treewalk. Then in my Linksys router (running DD-WRT) I have the OpenDNS servers coded in as DNS 1 & 2 with an OOL DNS server as # 3.
My Windows boxes on my LAN are configured so their DNS #1 points to the 24/7 machine running Treewalk, & DNS 2 points to the router for resolution (192.168.1.1).
I am wondering if this forward stuff is needed with this setup? |
|
  StreetSpirit Premium join:2002-08-13 Roslyn, NY
·Optimum Online
·Verizon Online DSL
| reply to RickNY said by RickNY :
David, Thanks for a most excellent article.. I've been using Treewalk with OpenDNS set as forwarders for a few months now, and it works fantastic. Thanks for taking the time to do this for everyone else out there! Rick

Thanks Rick and everyone else who voted thumbs up and such. I'm glad I was able to stimulate some discussion on overcoming bad DNS servers, and using OpenDNS.
To be honest, a friend IM'd me for some help with using OpenDNS as forwarders. Once I'd got a little bit into the subject, I figured I might as well take a little extra time and post it for the public to benefit (ymmv) as well.
-- Regards, Dave |
|
  StreetSpirit Premium join:2002-08-13 Roslyn, NY
·Optimum Online
·Verizon Online DSL
1 edit | reply to nypix Hi - I'm sorry you had trouble. I did not write Treewalk nor BIND, but am simply a user. You might wish to ask for some support in the forums @ »ntcanuck.com or on Steve Gibson's news server which hosts the Treewalk newsgroup.
While I'm not familiar with Peerguardian from personal experience, I know what the program does. I am, however, quite familiar with BIND (Treewalk). The only ports BIND, and by extension Treewalk, should use out of the box, so to speak, are the privileged ports TCP 53, UDP 53, and TCP 953. UDP packets over 512 bytes will usually be resent over TCP; the reply DNS data packets will be received over UDP or TCP on an ephemeral (>1024) port(s).
This is all very normal DNS server/resolver message behavior.
»treewalkdns.com/faq.htm#a-tw_ports
You can control which ports it uses by stopping the service, editing named.conf and restarting the service (although it's hard to imagine a conflict since these are standard.)
It should have no ephemeral ports in use at all unless a long DNS reply is being sent from a DNS server over a high port.
In any case, here's the area of named.conf that controls ports BIND listens to (and by extension holds):
a) edit %windir%\system32\dns\etc\named.conf
b) look for:
controls {
    inet 127.0.0.1 port 953                      // <-- Control Port
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
// and
options {
    listen-on port 53 { 127.0.0.1; };            // <-- Exposed DNS port.
};
-- HTH, Dave |
|
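What the port behaviour described in the post above looks like on the wire, as an added Python example that is not part of the original post or of Treewalk/BIND: a query leaves from an ephemeral UDP port to port 53, and a reply with the TC (truncated) flag set is repeated over TCP 53. The function names are illustrative assumptions; `resolve` needs network access, the other functions run offline.

```python
import secrets
import socket
import struct

A, AAAA = 1, 28        # QTYPE values: IPv4 and IPv6 address records

def build_query(name, qtype=A, txid=None):
    """Wire-format query with RD set; the ID is random unless one is given."""
    txid = secrets.randbits(16) if txid is None else txid
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\0"
    return header + qname + struct.pack("!2H", qtype, 1)      # class IN

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "answers": answers}

def next_step(query, reply):
    """Classify a UDP reply: 'drop', 'accept', or 'retry-tcp' (TC bit set)."""
    if len(reply) < 12:
        return "drop"
    q, r = parse_header(query), parse_header(reply)
    if not r["qr"] or r["id"] != q["id"]:
        return "drop"              # not a response to this query
    return "retry-tcp" if r["tc"] else "accept"

def resolve(server, name, qtype=A, timeout=3.0):
    """Ask over UDP from an ephemeral source port; repeat over TCP 53 if truncated."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.connect((server, 53))          # kernel picks the ephemeral port
        udp.send(query)
        reply = udp.recv(512)              # classic UDP message limit without EDNS
    step = next_step(query, reply)
    if step == "drop":
        raise ValueError("reply does not match the query")
    if step == "accept":
        return reply
    with socket.create_connection((server, 53), timeout=timeout) as tcp:
        tcp.sendall(struct.pack("!H", len(query)) + query)   # 2-byte length prefix
        stream = tcp.makefile("rb")
        (size,) = struct.unpack("!H", stream.read(2))
        return stream.read(size)
```

A firewall or filter in front of the resolver therefore has to pass outbound UDP 53 and TCP 53 plus the replies to the ephemeral source port, or long answers fail while short ones succeed.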
  RickNY Premium join:2000-11-02 New York | reply to StreetSpirit David,
Thanks for a most excellent article.. I've been using Treewalk with OpenDNS set as forwarders for a few months now, and it works fantastic. Thanks for taking the time to do this for everyone else out there!
Rick |
|
 cysko
join:2004-11-16 East Moriches, NY | reply to StreetSpirit Excellent article!!! I've been looking on and off for something like this for a while! Great job! |
|
  nypix
@optonline.net | reply to nypix I should reiterate. PG2 isn't picking up where it used to, but since treewalk it's going out on port 1026 to sites I haven't seen come up before. Any thoughts? |
|
  nypix
@optonline.net
| reply to StreetSpirit My peerguardian 2 doesn't seem to be picking up after installing treewalk. I haven't followed the rest of your guide yet but all I want is better DNS response. I also use the host file from this site. »www.mvps.org/winhelp2002/hosts.htm I recall your PC uses this first so it shouldn't be a problem or could it? |
|
  Lex Luthor Premium,Mod join:2000-09-17 Hicksville, NY
| reply to phriday613 I've been using OpenDNS for a few months now and while it's been working well, it's not perfect.
A while ago there was a site I couldn't get on OpenDNS, but could using OOL's DNS servers. Eventually they did get it working.
Just last week, I couldn't get to statefarm.com on OpenDNS, but could using OOL.
I was very impressed with OpenDNS's support. They answered my email in a couple of hours and we wound up having about 3 emails going back and forth. Finally someone gave me their IM address and suggested we work on the problem in real time.
Turns out I had IPv6 enabled and that was causing a request for an AAA record instead of the A record and I guess statefarm wasn't handling it properly. Not sure why it would work on OOL though. I removed the IPv6 protocol and it's working again. I assume they probably were going to do something on their end as well to fix the problem for people who still have IPv6 enabled. |
|
  phriday613 Your Avatar Is Nice... For Me To Poop On Premium join:2002-02-06 Eastchester, NY clubs:
| reply to StreetSpirit Thank you for that clear article about opendns!
I have to check when I go home later which I am using.. I think I am on openDNS, but don't remember... -- "Forewarned is forearmed..." -gwion |
|