[OOL] [Guide] Using OpenDNS.com with or without Treewalk. in OptimumOnline

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Sun, 25 Feb 2007 20:15:00 EDT

StreetSpirit : MxxCon, I did not try using the nameservers outright but immediately integrated them as forwarders. To be honest, I wasn't happy with OpenDNS performance as forwarders. I was thinking perhaps if I removed Treewalk but didn't have the time.

I commented them out about a week after I wrote this.

I was also seeing a difficulty to resolve sites. Perhaps if one uses them simply as DNS servers, PowerDNS would perform better, but I didn't like the performance when using them as forwarders.

Guess not. Go figure :)
Dave

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Sun, 25 Feb 2007 18:39:16 EDT

MxxCon : i've switched to opendns from treewalk after your article and lately i noticed that about 50% of page views, especially with multiple elements stall forcing me to do refresh to get things going again... :huh:
the moment i switched to treewalk everything is smooth and fast again.
i reconfigured treewalk to use opendns as forwarder, will see how it goes.
--
[Sig removed by Administrator: Signature can not exceed 20GB]

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 02 Feb 2007 19:18:38 EDT

Dryvlyne : /EDIT
Nevermind

--

In relative terms life is shorter than the blink of an eye. Remember that each and every day because in the end it's not about what you've done but how you've lived.

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 02 Feb 2007 13:23:34 EDT

StreetSpirit : I'm glad that it's working out for you. I also thank everyone who's thanked me in public or private.

A forum member clued me in to another OpenDNS thread in progress which might be of interest: »Excellent article about using OpenDNS vs ISP DNS - The thread references a NewsForge Article on the same subject.

Respectfully,
David

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 02 Feb 2007 10:54:07 EDT

M A R K : With out exaggeration, im seeing 50% faster page loads. Sites like my space and CNN and other news sites would take so long to load for me, all issues are GONE!
--
Zionism is a hate crime

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Sat, 27 Jan 2007 16:00:57 EDT

RickNY : On my Linksys router, I actually pointed the Static DNS 3 entry to a non-existent IP on my LAN because I was unsure of the methodology that DD-WRT was using to select out of the 3 entries -- and I found it was picking the OOL one more often than not. Since I want to use OpenDNS' phishing and spelling protection, I needed to make sure the OOL DNS wasnt utilized. If you leave the 3rd one empty on the Static DNS entry of the Linksys, it replaces the 3rd entry with the 3rd DNS server obtained via DHCP.

Even though I am running Treewalk with OpenDNS as forwarders on my desktop PC, I set the Linksys router up with the OpenDNS entries because I also utilize the router as a SOCKS proxy via SSH from work, and have DNS done through the SOCKS proxy -- so in my case I also wanted the router to have it go to OpenDNS as well.

Re: [OOL] [Guide] ANALYZING DNS SERVERS ONLINE

Sat, 27 Jan 2007 13:46:15 EDT

StreetSpirit :
Here are some DNS Servers to switch to in a pinch - although I do not support using servers from another ISP, not specifically designated as free-access DNS servers, as you're causing load and interfering with legitimate users of the ISP/service

I was asked to post this anyway even with ethical reservations.

Therefore, Lexx Luthor, If this violates the spirit of the forum, as it well may, please remove this particular message. Thanks.

• Speakeasy non ip range restricted nearby servers:

216.231.41.2 (Washington DC - probably)
216.254.95.2 (NY, Massachusetts and Pennsylvania)

64.81.159.2 (Baltimore and Washington DC)
66.92.64.2 (Boston, Massachusetts)
66.92.224.2 (Philadelphia)
66.92.159.2 (Washington DC)

--
Regards,
Dave

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Sat, 27 Jan 2007 13:39:26 EDT

andvari : Thanks, informative as always, Dave.

I am currently running BIND on my home network, and because of your research I've added the forwarder you recommended.

Since I am now running a few domains hosted on my home machines now (thanks to Boost) I have set up zone files for these domains so I can access these by domain name from my private network. The alternative I have is to configure my firewall to supply the OpenDNS names and use the firewall's DNS doctoring feature to supply the internal address instead of the external address for these domains.

I am wondering if you think there is any advantage/disadvantage to either setup?

Re: [OOL] [Guide] ANALYZING DNS SERVERS ONLINE

Sat, 27 Jan 2007 12:13:53 EDT

StreetSpirit : Here's a great tool which can help you judge the DNS server by commonly recognized criteria, tested on the fly.

• Visit »www.dnsreport.com/ and enter the server to be tested, or simply plug your server and domain as below

• Alternate Method: Examine this URL. Notice two changable parameter accepted by the dnsreport.Ch script:

http://www.dnsreport.com/tools/dnsreport.ch?domain=dslreports.com&server=208.67.222.222
 
domain=somedomain.tld
      -and-
server=x.x.x.x (a DNS server to be tested)

So say we want to test 167.206.3.207 and have it look up the domain dslreports.com - we would use a line like this:

http://www.dnsreport.com/tools/dnsreport.ch?domain=dslreports.com&server=167.206.3.207

Enjoy, wonderful tool imo.

--
Regards,
Dave

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Sat, 27 Jan 2007 08:13:22 EDT

StreetSpirit :

said by nypix :

My peerguardian 2 doesn't seem to be picking up after installing treewalk.
I haven't followed the rest of your guide yet but all I want is better DNS response.

That's simple enough. If you're using a router, no router, Windows, Linux, or even a smart phone, visit »www.opendns.com/start/at_home.php to get instructions. For example, say you have Windows XP without a router, view the page »www.opendns.com/start/windows_xp.php in that case for screen captures and detaild instructions on using PowerDNS.

Essentially you will be changing your DNS at your router or PC to 208.67.222.222 and 208.67.220.220.

Hope this helps.

Remember you can choose any other two "tier-2" DNS servers (tier 2 means those who reply to clients.)

My next message will include a method to TEST dns servers and a few tier-2 servers which can be accessed by us.

Good luck.

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Sat, 27 Jan 2007 07:52:21 EDT

StreetSpirit : I doubt it Ken, you seem like you have all the bases covered.

You might want to try adding the forwards, but it can only add redundancy (and perhaps confusion :p). Bind and Treewalk do a fine job on their own in minimizing latency by employing smart caching.

I guess what I'm trying to say , if it works, don't fix it :)

If you do decide to add the forwarders, PLEASE visit the site and make yourself an account, then disable their URL spelling correction and phishing protection.

Good luck! I can't say you'd see much benefit. Wanna be sure? Run Gibson's DNSRU.exe utility (hold down the shift key) to time your current DNS response (zap the cache first). Afterwards, shut down the service, zap the cache again and run DNSRU with the forwarders. See if there's ANY benefit in the local resolves.

Another thought.. My particular router allows me to specify several DNS servers, not being limited to two. I use several quick conventional DNS servers and the PowerDNS resolvers as part of my router's DNS list.

I have exactly the same setup as yours- Treewalk running on the network (say 192.168.0.2), PCs on the network have an entry pointing to the network-exposed BIND. ACLs prevent the server from accepting any connections outside the lan. The second DNS entry points to my router with the same setup on the PC running BIND.

Good luck, hope these musings help :)
Dave

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 26 Jan 2007 23:07:34 EDT

Ken Peterson : I have a PC that runs 24/7 set up statically on my home LAN and it's running Treewalk. Then in my Linksys router (running DD-WRT) I have the OpenDNS servers coded in as DNS 1 & 2 with an OOL DNS server as # 3.

My Windows boxes on my LAN are configured so their DNS #1 points to the 24/7 machine running Treewalk, & DNS 2 points to the router for resolution (192.168.1.1).

I am wondering if this forward stuff is needed with this setup?

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 26 Jan 2007 21:03:09 EDT

StreetSpirit :

said by RickNY :

David,

Thanks for a most excellent article.. I've been using Treewalk with OpenDNS set as forwarders for a few months now, and its works fantastic. Thanks for taking the time to do this for everyone else out there!

Rick

Thanks Rick and everyone else who voted thumbs up and such. I'm glad I was able to stimulate some discussion on overcoming bad DNS servers, and using OpenDNS.

To be honest, a friend IM'd me for some help with using OpenDNS as forwarders. Once I'd got a little bit into the subject, I figured I might as well take a little extra time and post it for the public to benefit (ymmv) as well.

--
Regards,
Dave

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 26 Jan 2007 21:00:24 EDT

StreetSpirit : Hi - I'm sorry you had trouble. I did not write Treewalk nor BIND, but am simply a user. You might wish to ask for some support in the forums @ »ntcanuck.com or on Steve Gibson's news server which hosts the Treewalk newsgroup.

While I'm not familiar with Peerguardian from personal experience, I know what the program does. I am, however, quite familiar with BIND (Treewalk). The only ports BIND and by extension Treewalk should use out of the box, so to speak is the privileged ports TCP 53, UDP 53, and TCP 953. UDP packets over 512 bytes will usually be resent over TCP; the reply DNS data packets will be received over UDP or TCP on an ephemeral (>1024) port(s).

This is all very normal DNS server/resolver message behavior.

»treewalkdns.com/faq.htm#a-tw_ports

You can control which ports it uses by stopping the service, editing named.conf and restarting the service (although it's hard to imagine a conflict since these are standard.)

It should use no ephemeral ports at all in use unless a long DNS reply is being sent from a DNS server over a high port.

In any case, here's the area of named.conf that controls ports BIND listens to (and by extension holds):


a) edit %windir%\system32\dns\etc\named.conf
b) look for:
 
controls {
  inet 127.0.0.1 port 953             <-- Control Port
  allow { 127.0.0.1; } keys { "rndc-key"; };
};
 
// and
 
options {
   listen-on port 53 { 127.0.0.1; };  <-- Exposed DNS port.
};

--
HTH,
Dave

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 26 Jan 2007 15:25:08 EDT

RickNY : David,

Thanks for a most excellent article.. I've been using Treewalk with OpenDNS set as forwarders for a few months now, and its works fantastic. Thanks for taking the time to do this for everyone else out there!

Rick

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 26 Jan 2007 11:37:20 EDT

cysko : Excellent article!!!
I've been looking on and off for something like this for a while!
Great job!

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 26 Jan 2007 11:02:37 EDT

anon : I should reiterate. PG2 isn't picking up where it used to, but since treewalk it's going out on port 1026 to sites I haven't seen come up before.
Any thoughts?

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 26 Jan 2007 11:00:58 EDT

anon : My peerguardian 2 doesn't seem to be picking up after installing treewalk.
I haven't followed the rest of your guide yet but all I want is better DNS response.
I also use the host file from this site.
»www.mvps.org/winhelp2002/hosts.htm
I recall your PC uses this first so it shouldn't be a problem or could it?

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 26 Jan 2007 10:08:58 EDT

Lex Luthor : I've been using OpenDNS for a few months now and while it's been working well, it's not perfect.

A while ago there was a site I couldn't get on OpenDNS, but could using OOL's DNS servers. Eventually they did get it working.

Just last week, I couldn't get to statefarm.com last week on OpenDNS, but could using OOL.

I was very impressed with OpenDNS's support. They answered my email in a couple of hours and we wound up having about 3 emails going back and forth. Finally someone gave me their IM address and suggested we work on the problem in real time.

Turns out I had IPV6 enabled and that was causing a request for an AAA record instead of the A record and I guess statefarm wasn't handling it properly. Not sure why it would work on OOL though. I removed the IPv6 protocol and it's working again. I assume they probably were going to do something on their end as well to fix the problem for people who still have IPv6 enabled.

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 26 Jan 2007 09:55:10 EDT

phriday613 : Thank you for that clear article about opendns!

I have to check when I go home later which I am using.. I think I am on openDNS, but don't remember...
--
"Forewarned is forearmed..." -gwion

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 26 Jan 2007 09:49:22 EDT

MxxCon : very nice article.

if some folks are hesitant to install full blown dns server on their system or afraid of using command prompt or manually editing config files, they should check out ExtraDNS.
it's a windows app that does pretty much the same as Treewalk.
it allows you to query up to 10 different dns servers at once and use results from the fastest one. it also has builtin cache and timers to see how fast/accurate each server is.
--
[Sig removed by Administrator: Signature can not exceed 20GB]

Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 26 Jan 2007 09:21:05 EDT

mack1951 : Very cool. Thanks for doing all the work. Will benefit anyone on OOL or other services with slow or bad DNS servers.
--
THE ROAD: Romans 3:23, 6:23, 5:8, 10:9

[OOL] [Guide] Using OpenDNS.com with or without Treewalk.

Fri, 26 Jan 2007 06:00:21 EDT

StreetSpirit : Good day. I did a bit of research on OpenDNS, and have a bit of a redux for everyone:

A modern web page can have hundreds of elements. A modern OOL DNS server loves to time out. This is the reason for "multiple clicks" to get to a webpage and other DNS based problems. As DNS introduces a time out period, it will see as if your service took a break.

The problem is easily rectified by using either OpenDNS alternate DNS servers (easier) or setting up Treewalk [BIND] DNS Caching Service (a little more involved.)

For those who aren't using Treewalk or BIND, it is very simple to switch to OpenDNS. Simply plug in their servers into your router or network adapter. Screen-shots and detailed information for both users of routers and not is found at »www.opendns.com/start/at_home.php - It literally takes a few seconds to change over. - Do read the FAQ, there are advanced features which can be turned on and off with a free member's account.

For those of you who already run Treewalk amd may wish to integrate Treewalk with OpenDNS please

• Remember that OpenDNS servers aren't "root-servers"
but just resolvers. Refer to Obiwan's post @ »forums.treewalkdns.com/readmessa···3E&group

• If you want to use the OpenDNS servers, you can use them as forwarders. To do so from CMD using Treewalk:

1. net stop twdns                    (Stop Treewalk Service)
   C:
   cd %windir%\system32\dns\etc      (switch to TWDNS Dir)
   copy named.conf myoldnamed.conf   (Back up the config)
   notepad named.conf                (Edit the TWDNS config)
 
2. Uncomment (remove the // ) the 
"forward first;" and "forwarders(...;);" lines and replace the "forwarders" 
IP addresses with the OpenDNS name servers. Ex:
 
-- named.conf ---
 
  forward first;
forwarders { 208.67.222.222; 208.67.220.220; };
 
------ cut ------
 
3. Zap your Treewalk Cache by using %windir%\system32\dns\bin\zapcache.bat
 
After the service restarts, you will be using OpenDNS as forwarders.

To verify that your copy of Treewalk (or BIND for that matter) is using the forwarders, surf to »welcome.opendns.com/ and look for a pretty red checkmark :)

Caveat: I suggest you create an account on www.opendns.com and disable spelling correction, anti-phishing protection and a few other advanced functions; to make the servers work more like standard BIND. Important - Please read »www.opendns.com/faq/#forwarding

I did a little bit of testing (not much) regarding latency and distance.

The servers are brisk. Notice that they are sitting on what is essentially the same network, so if they loose connectivity to ntt.net, or are facing a DDOS attack, both servers can be lost/compromised.

This is somewhat surprising, as the company is out of San Francisco. Perhaps it serves a page with DNS servers based on your IP location but this is unlikely. I will however test from a box in California later today.

( Just as an example, here is a proper way to set up multiple DNS servers to be redundant in case a network facility goes down )

The Below Nameservers do NOT provide queries from clients and should not be used for your DNS resolution. They are for example only on how to spread out DNS servers.

dave69@ericis1:~/usr/gccstuff/source/dns/ #host ns1.freedns.org
ns1.freedns.org has address 66.116.125.199
 
dave69@ericis1:~/usr/gccstuff/source/dns/ #host ns2.freedns.org
ns2.freedns.org has address 66.116.125.199
 
dave69@ericis1:~/usr/gccstuff/source/dns/ #host ns3.freedns.org
ns3.freedns.org has address 66.116.125.199
 
dave69@ericis1:~/usr/gccstuff/source/dns/ #host ns4.freedns.org
ns4.freedns.org has address 66.116.125.199

Here are the results of interest:

• ~14ms to reach resolver1.opendns.com and resolver2.opendns.com

• ~65msec to send and receive a 400 byte sized non-locally cached UDP reply. Remember that less than 512byte queries are responded to via UDP, while larger queries use TCP.

• Problematic use of the same network and possibly the same Data Center facilities. Ideally servers should be spread around geographic and IP boundaries.

• Tracert to resolver1.opendns.com

Tracing route to resolver1.opendns.com [208.67.222.222]
over a maximum of 30 hops:
 
  1     5 ms     5 ms     5 ms  10.27.64.1
  2     6 ms     5 ms     5 ms  dstswr1-vlan2.rh.nyk2ny.cv.net [67.83.220.161]
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     8 ms     7 ms     7 ms  64.15.0.17
  6    10 ms     7 ms     7 ms  64.15.0.38
  7     *        *        *     Request timed out.
  8    56 ms    14 ms    14 ms  as-0.r21.asbnva01.us.bb.gin.ntt.net [129.250.2.9]
  9    14 ms    13 ms    14 ms  xe-1-1.r04.asbnva01.us.bb.gin.ntt.net [129.250.2.181]
 10    14 ms    15 ms    15 ms  fa-0.freedom.asbnva01.us.bb.gin.ntt.net [129.250.12.114]
 11    15 ms    15 ms    15 ms  resolver1.opendns.com [208.67.222.222]
 
Trace complete.

• Tracert to resolver2.opendns.com

 
Tracing route to resolver2.opendns.com [208.67.220.220]
over a maximum of 30 hops:
 
  1     8 ms     6 ms     5 ms  10.27.64.1
  2     5 ms     5 ms     5 ms  dstswr1-vlan2.rh.nyk2ny.cv.net [67.83.220.161]
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     7 ms     7 ms     7 ms  64.15.0.17
  6     8 ms     7 ms     7 ms  64.15.0.38
  7     *        *        *     Request timed out.
  8    14 ms    13 ms    13 ms  as-0.r21.asbnva01.us.bb.gin.ntt.net [129.250.2.9]
  9    13 ms    17 ms    13 ms  xe-1-1.r04.asbnva01.us.bb.gin.ntt.net [129.250.2.181]
 10    15 ms    15 ms    14 ms  fa-0.freedom.asbnva01.us.bb.gin.ntt.net [129.250.12.114]
 11    15 ms    15 ms    15 ms  resolver2.opendns.com [208.67.220.220]
 
Trace complete.

*** Note the hop 129.250.12.114 being identical as the next to last hop on both resolvers. Bad idea in practice. ***

I did a few random digs to time the servers. Here are the results:

Resolver 1:

dave69@ericis1:~/usr/gccstuff/source/dns/ #dig @208.67.222.222 AAAA irc.efnet.nl
 
; <<>> DiG 9.4.1 <<>> @208.67.222.222 AAAA irc.efnet.nl
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;irc.efnet.nl.                  IN      AAAA
 
;; ANSWER SECTION:
irc.efnet.nl.           39224   IN      CNAME   efnet.bit.nl.
efnet.bit.nl.           600     IN      AAAA    2001:7b8:3:3f:201:2ff:fef6:574e
 
;; Query time: 109 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Jan 26 05:13:49 2007
;; MSG SIZE  rcvd: 82

Resolver 2:

dave69@ericis1:~/usr/gccstuff/source/dns/ #dig @208.67.220.220 A memritv.org
 
; <<>> DiG 9.4.1 <<>> @208.67.220.220 A memritv.org
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1740
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;memritv.org.                   IN      A
 
;; ANSWER SECTION:
memritv.org.           21600   IN      A       66.116.177.5
 
;; Query time: 31 msec
;; SERVER: 208.67.220.220#53(208.67.220.220)
;; WHEN: Fri Jan 26 05:22:00 2007
;; MSG SIZE  rcvd: 45

Overall Picture & Benchmarks:


 
  127.  0.  0.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  Cached Name     | 0.000 | 0.000 | 0.001 | 0.000 | 100.0 |
  Uncached Name   | 0.018 | 0.072 | 0.225 | 0.045 | 100.0 |
  DotCom Lookup   | 0.024 | 0.103 | 0.327 | 0.066 | 100.0 |
  ----------------+-------+-------+-------+-------+-------+
 
    4.  2.  2.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  Cached Name     | 0.007 | 0.008 | 0.013 | 0.001 | 100.0 |
  Uncached Name   | 0.009 | 0.042 | 0.114 | 0.031 | 100.0 |
  DotCom Lookup   | 0.018 | 3.704 | 4.329 | 1.183 |  99.0 |
  ----------------+-------+-------+-------+-------+-------+
 
  208. 67.222.222 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  Cached Name     | 0.014 | 0.017 | 0.022 | 0.002 | 100.0 |
  Uncached Name   | 0.017 | 0.066 | 0.204 | 0.041 | 100.0 |
  DotCom Lookup   | 0.023 | 0.104 | 0.327 | 0.067 | 100.0 |
  ----------------+-------+-------+-------+-------+-------+
 
  208. 67.220.220 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  Cached Name     | 0.013 | 0.016 | 0.024 | 0.002 | 100.0 |
  Uncached Name   | 0.017 | 0.074 | 0.230 | 0.047 | 100.0 |
  DotCom Lookup   | 0.021 | 0.100 | 0.323 | 0.063 | 100.0 |
  ----------------+-------+-------+-------+-------+-------+
 
  167.206.  3.207 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  Cached Name     | 0.006 | 0.008 | 0.010 | 0.000 | 100.0 |
  Uncached Name   | 0.009 | 0.037 | 0.103 | 0.030 | 100.0 |
  DotCom Lookup   | 0.017 | 0.033 | 0.117 | 0.024 | 100.0 |
  ----------------+-------+-------+-------+-------+-------+
 
  167.206.  3.143 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  Cached Name     | 0.006 | 0.008 | 0.011 | 0.001 | 100.0 |
  Uncached Name   | 0.008 | 0.041 | 0.125 | 0.032 | 100.0 |
  DotCom Lookup   | 0.017 | 0.040 | 0.136 | 0.031 | 100.0 |
  ----------------+-------+-------+-------+-------+-------+
 
  167.206.  3.141 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  Cached Name     | 0.006 | 0.008 | 0.012 | 0.001 | 100.0 |
  Uncached Name   | 0.008 | 0.040 | 0.181 | 0.035 | 100.0 |
  DotCom Lookup   | 0.018 | 0.038 | 0.133 | 0.030 | 100.0 |
  ----------------+-------+-------+-------+-------+-------+
 
    4.  2.  2.  2 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  Cached Name     | 0.007 | 0.009 | 0.014 | 0.001 | 100.0 |
  Uncached Name   | 0.010 | 0.045 | 0.198 | 0.035 | 100.0 |
  DotCom Lookup   | 0.021 | 3.619 | 4.319 | 1.264 |  99.5 |
  ----------------+-------+-------+-------+-------+-------+
 
    4.  2.  2.  3 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  Cached Name     | 0.007 | 0.009 | 0.012 | 0.001 | 100.0 |
  Uncached Name   | 0.009 | 0.037 | 0.117 | 0.029 |  99.5 |
  DotCom Lookup   | 0.029 | 3.800 | 4.323 | 1.037 |  99.0 |
  ----------------+-------+-------+-------+-------+-------+
 
    4.  2.  2.  4 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  Cached Name     | 0.007 | 0.010 | 0.015 | 0.001 | 100.0 |
  Uncached Name   | 0.010 | 0.042 | 0.127 | 0.030 | 100.0 |
  DotCom Lookup   | 0.020 | 3.664 | 4.220 | 1.213 |  99.0 |
  ----------------+-------+-------+-------+-------+-------+
 
  UTC: 2007-01-26, from 10:24:23 to 10:27:28, for 03:04.219

Observations:

• The 4.2.2.x Level-3 servers are overloaded! Look at the average Dot Com lookup, which can sometimes take 4+ seconds! Anyone using them should immediately switch to some other pair.

• The resolvers at OpenDNS are working well, notice that the response time and physical proximity to us on OOL. A response time of ~20-100ms is quite comparable to native ISP servers, and isn't subject to problems that we experience with 167.xx OOL DNS servers.

• The optimum configuration for me seems to be BIND or Treewalk with forwarders to OpenDNS. This is my opinion.

I hope this has been an informative report, and has given you some hard data by which to judge DNS servers.

--
Regards,
David.

[ed: fixed subject]