Renan Rangel crunching technology for breakfast

12 May 2014

Public DNS Comparison

Posted by Renan Rangel

I have been using Google DNS for some time and, while I agree that it does a good job, it also has some drawbacks. I have looked for some other public DNS providers, trying to find some information about which ones do not redirect when a record is not found or that work with DNSBLs (DNS Blackhole List), but the information is not simple to find. So I decided to gather the information and display it here for public (and my own) use.

Getting redirected to a search page when a domain is not found really pisses me off. I know that some of these providers (like OpenDNS) support their free service this way, but it is really annoying. The table below shows the comparison of a few services:

| DNS Server | IP Address 1 | IP Address 2 | NXDOMAIN | DNSBL support | Query time |
|---|---|---|---|---|---|
| Google DNS | 8.8.8.8 | 8.8.4.4 | | | ~26ms |
| OpenDNS | 208.67.222.222 | 208.67.220.220 | | | ~3ms |
| Level3 | 209.244.0.3 | 209.244.0.4 | | | ~4ms |
| Dyn | 216.146.35.35 | 216.146.36.36 | | | ~7ms |
| DNS Advantage | 156.154.70.1 | 156.154.71.1 | | | ~5ms |


*NXDOMAIN - Returns a "domain not found" instead of a search page.
*DNSBL - Supports DNS-based blacklists for use with mail servers.
*Query time - As measured from a server in San Francisco.

It is a shame most servers do not accept these 2 things. I guess you should keep the ones that don't do search redirects for unknown domains for desktops and the others for mail servers that require DNSBLs. Also, it was a bit surprising seeing Google DNS taking so much time compared to the others.
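The two checks behind the NXDOMAIN and DNSBL columns can be run against any resolver with the script below, an added example that is not from the original post. It assumes a random `.com` name that should not exist, the `127.0.0.2` test entry that RFC 5782 requires every IPv4 DNSBL to list, and a DNSBL zone you pass on the command line; all function names are made up for this example.

```python
import random, socket, struct, sys

def build_query(name, qid):
    """Encode a recursive A/IN query for `name` in RFC 1035 wire format."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def _skip_name(data, pos):
    """Step over an encoded name; it ends in a zero byte or a 2-byte pointer."""
    while data[pos] and data[pos] & 0xC0 != 0xC0:
        pos += data[pos] + 1
    return pos + (2 if data[pos] else 1)

def parse_reply(data):
    """Return (rcode, IPv4 addresses of the A records in the answer section)."""
    _, flags, qdcount, ancount = struct.unpack(">HHHH", data[:8])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(data, pos) + 4           # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(data, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", data[pos:pos + 10])
        if rtype == 1 and rdlen == 4:             # A record
            addrs.append(socket.inet_ntoa(data[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return flags & 0x000F, addrs

def nxdomain_honest(rcode, addrs):
    """A nonexistent name must give rcode 3 (NXDOMAIN) and no addresses."""
    return rcode == 3 and not addrs

def dnsbl_usable(rcode, addrs):
    """The 127.0.0.2 test entry must come back as a 127.0.0.x listing."""
    return rcode == 0 and any(a.startswith("127.0.0.") for a in addrs)

def ask(resolver, name, timeout=3.0):             # one UDP query, parsed reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((resolver, 53))                 # only accept replies from the resolver
        s.send(build_query(name, random.getrandbits(16)))
        return parse_reply(s.recv(4096))

if __name__ == "__main__":                        # usage: check.py <resolver-ip> <dnsbl-zone>
    resolver, zone = sys.argv[1:3]
    bogus = "nx-%016x.com" % random.getrandbits(64)   # constructed name, should not exist
    print("NXDOMAIN returned:", nxdomain_honest(*ask(resolver, bogus)))
    print("DNSBL usable:     ", dnsbl_usable(*ask(resolver, "2.0.0.127." + zone)))
```

A resolver that redirects unknown domains answers the first query with rcode 0 and the address of its search page, so the first line prints `False`.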

15 Jan 2012

Getting real-time information about TCP connections

Posted by Renan Rangel

Every sysadmin has a good set of tools that he works with. A nice addition for the Linux sysadmin who has to manage a gateway/firewall or other computers with a high number of connections is tcptrack.

tcptrack

It can show you the active TCP connections in real time, sort them by speed, activity, etc., and show how many connections currently exist along with their state. It is a simple tool but very informative: it can be very helpful when you need to find where traffic is coming from. As a bonus, it also supports tcpdump-like filters, so you can display only the connections you are looking for.

If you are using Debian Squeeze, you are out of luck (tcptrack exists in lenny and wheezy, but not in squeeze [?]); you will have to download and compile the latest version. If you are running Gentoo, just emerge the net-analyzer/tcptrack ebuild.