Advantages of having own DNS

alilet Member
edited May 2022 in Help

If I want to query a DNS then I can use some public ones like Google, CloudFlare etc. But they apply rate limits if you cross a certain threshold. What I have seen is that the threshold is very high, but still, what if I want to use my own DNS? My questions are:

  1. Does it require high RAM or CPU i.e. the more the queries the more resources required? Is there some number available regarding this?
  2. From where will my DNS get data? Will my DNS request data from another DNS or will it store all data locally? I mean, if it will get it from another DNS then it doesn't really serve my purpose because you are just forwarding the request to another DNS, right!?

Comments

  • dane_doherty Member
    edited May 2022

    TL;DR: My DNS amplification DDoS attack didn't work.

    @alilet said: But they apply rate limits if you cross a certain threshold

    I wonder what that threshold is.

    @alilet said: Does it require high RAM or CPU i.e. the more the queries the more resources required? Is there some number available regarding this?

    No, RAM and CPU don't actually do anything. They're just the facade. Computing power is actually provided by space aliens.

    @alilet said: I mean, if it will get it from another DNS then it doesn't really serve my purpose because you are just forwarding the request to another DNS, right!?

    This is kinda how DNS works, yes.

    Use Cloudflare Onion Hidden Service DNS resolver. They can't rate limit you if everybody has the same IP address.

    Thanked by 3: Hotmarer, szymonp, taizi
  • devp Member
    edited May 2022

    @alilet said: If I want to query a DNS then I can use some public ones like Google, CloudFlare etc. But they apply rate limits if you cross a certain threshold. What I have seen is that the threshold is very high

    Most Public Sites are good in terms of DNS query threshold.

    @alilet said: still what if I want to use my own DNS.

    You can use your own DNS, though, since it is a custom DNS, devices have to connect to your DNS to get the benefit of those customizations. Those devices (both end user devices and network devices) have to be configured to use your DNS, which may be restrictive in some use cases, especially in distributed corporate implementations.

    @alilet said: Does it require high RAM or CPU i.e. the more the queries the more resources required? Is there some number available regarding this?

    Resource usage can be optimized using the standards for managing high-volume traffic on production sites.

    @alilet said: From where will my DNS get data? Will my DNS request data from another DNS or will it store all data locally? I mean, if it will get it from another DNS then it doesn't really serve my purpose because you are just forwarding the request to another DNS, right!?

    You can configure an upstream DNS provider for resolution to the resource location and add a custom DNS list to your DNS server. Further, cache upstream DNS queries locally as requests are processed.

    Thanked by 2: alilet, O0ooo
  • fynix Member

    @dane_doherty said: TL;DR: My DNS amplification DDoS attack didn't work.

    Who did you attack now?

  • devp Member

    @dane_doherty said: TL;DR: My DNS amplification DDoS attack didn't work.

    Due to limits from your VPS server and the upstream ISP for the server.

    Servers and networks do have a limit on the number of requests that can be sent using the available ports on the server and the available active consistent streams from a single IP in the network configuration.

  • @devp said:

    @dane_doherty said: TL;DR: My DNS amplification DDoS attack didn't work.

    Due to limits from your VPS server and the upstream ISP for the server.

    A project of mine involves consuming a stream of domain names and making hundreds of DNS resolutions per second. I can very well reach that limit, after which Cloudflare's and Google's public resolvers would return SERVFAIL responses, and this is on a consumer-grade ISP.

    Since my use case isn't amplification but I still need that throughput, I just distribute the DNS resolution task over multiple public DNS resolvers and impose a maximum limit at which queries would be sent to any given resolver.

    But to answer OP:

    @alilet said: Does it require high RAM or CPU i.e. the more the queries the more resources required?

    Yes, though you'd need to run your own resolver and perform your own load testing.

    @alilet said: From where will my DNS get data?

    If you're running an authoritative nameserver, you would be responsible for configuring it with the correct DNS records. On the other hand, if you're running an open resolver, it should implement iterative resolution to get the correct DNS records.

    Thanked by 3: alilet, risharde, devp
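The distribution described in the reply above (spreading lookups over several public resolvers, each held under its own per-resolver cap so none of them starts answering SERVFAIL), as an added example in Python that is not the poster's code. The resolver names and the input names are constructed, the clock is injected, and the pool only decides which resolver a name would go to; it sends nothing on the network.

```python
from collections import deque
from typing import Callable, Dict, List, Optional

# Constructed resolver names; in practice these would be the public resolvers.
RESOLVERS = ["resolver-a", "resolver-b", "resolver-c"]

class RateLimitedResolverPool:
    """Round-robin over resolvers, sending no resolver more than max_qps
    queries in any sliding one-second window."""
    def __init__(self, resolvers: List[str], max_qps: int,
                 clock: Callable[[], float]):
        self.resolvers = list(resolvers)
        self.max_qps = max_qps
        self.clock = clock  # injected clock keeps the example deterministic
        self.sent: Dict[str, deque] = {r: deque() for r in self.resolvers}
        self.next_idx = 0

    def _has_capacity(self, resolver: str, now: float) -> bool:
        window = self.sent[resolver]
        while window and now - window[0] >= 1.0:  # forget sends older than 1 s
            window.popleft()
        return len(window) < self.max_qps

    def pick(self) -> Optional[str]:
        """Next resolver with spare capacity, or None when all are at their cap."""
        now = self.clock()
        for _ in range(len(self.resolvers)):
            r = self.resolvers[self.next_idx]
            self.next_idx = (self.next_idx + 1) % len(self.resolvers)
            if self._has_capacity(r, now):
                self.sent[r].append(now)
                return r
        return None

def distribute(names: List[str], pool: RateLimitedResolverPool):
    """Assign names to resolvers; names with no capacity right now are
    deferred for a later pass rather than sent (which would risk SERVFAIL)."""
    assigned: Dict[str, List[str]] = {r: [] for r in pool.resolvers}
    deferred: List[str] = []
    for name in names:
        r = pool.pick()
        if r is None:
            deferred.append(name)
        else:
            assigned[r].append(name)
    return assigned, deferred
```

Names left in the deferred list are retried on a later pass once the one-second windows have moved on.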
  • alilet Member

    So if I understood correctly, let's say I query lowendtalk.com: it will first query my DNS and, if the record is available, fetch the record from there? And if the record is not available, then it will connect to the upstream DNS and fetch the record from there? And from then on that record will be locally available on my DNS, or do I have to make that happen?

  • @alilet said:
    So if I understood correctly, let's say I query lowendtalk.com: it will first query my DNS and, if the record is available, fetch the record from there? And if the record is not available, then it will connect to the upstream DNS and fetch the record from there? And from then on that record will be locally available on my DNS, or do I have to make that happen?

    It will be locally available for the TTL amount of seconds. This is what a DNS server should do by default.

    Thanked by 1: alilet
  • ralf Member

    You would query whichever server(s) you have set up as your DNS servers. This might be your localhost, your router, your ISP, whatever has a DNS server running on it.

    If the server you query happens to be authoritative for the domain (i.e. it is a primary or secondary server), it will give you the records you asked for.

    There are 2 basic types of DNS servers, forwarding and non-forwarding, and this comes into play when the server you queried isn't authoritative for the domain.

    A non-forwarding server sends you an SOA record that tells you about some other server(s) you can query, which will either be a server it has cached that it knows can handle part of the domain name (e.g. the .com part or .co.uk etc.), or it will tell you about the root servers instead, which will give you the top-level answers.

    A forwarding server (such as your ISP probably provides) will instead ask those servers directly, cache the response and then reply to you. That way lots of people don't need to query the main DNS servers all the time.

    Thanked by 1: alilet
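The iterative (non-forwarding) lookup and the "available for the TTL amount of seconds" caching described in the two replies above, as an added illustration that is not from any poster. The three servers and their records are a constructed stand-in for the root, the .com servers and an authoritative server for lowendtalk.com; nothing is sent on the network, and the simulated time is passed in explicitly so the TTL expiry can be observed.

```python
# Constructed delegation tree: server -> {owner name: (type, data, ttl seconds)}.
ZONES = {
    "root-server": {"com.": ("NS", "tld-server", 172800)},
    "tld-server": {"lowendtalk.com.": ("NS", "auth-server", 172800)},
    "auth-server": {"lowendtalk.com.": ("A", "192.0.2.10", 300)},
}

def ask(server, qname):
    """Stand-in for a wire query: the most specific record `server` holds for qname."""
    labels = qname.split(".")  # "lowendtalk.com." -> ["lowendtalk", "com", ""]
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if owner in ZONES[server]:
            return owner, ZONES[server][owner]
    return None  # neither an answer nor a referral

class IterativeResolver:
    """Non-forwarding resolution: follow referrals from the root, cache each record seen."""
    def __init__(self):
        self.cache = {}  # (owner, type) -> (data, expires_at)
    def _cached(self, owner, rtype, now):
        rec = self.cache.get((owner, rtype))
        if rec and rec[1] > now:
            return rec[0]
        self.cache.pop((owner, rtype), None)  # TTL ran out: drop it, re-query the source
        return None
    def resolve(self, qname, now):
        """Return (address, servers contacted); contacted is [] on a cache hit."""
        contacted = []
        addr = self._cached(qname, "A", now)
        if addr:
            return addr, contacted
        server = "root-server"  # start at the root unless a cached NS lets us skip ahead
        labels = qname.split(".")
        for i in range(len(labels)):
            ns = self._cached(".".join(labels[i:]), "NS", now)
            if ns:
                server = ns
                break
        while True:
            contacted.append(server)
            found = ask(server, qname)
            if found is None:
                return None, contacted
            owner, (rtype, data, ttl) = found
            self.cache[(owner, rtype)] = (data, now + ttl)
            if rtype == "A":
                return data, contacted
            server = data  # follow the referral to the next server
```

The first lookup walks root, TLD and authoritative server; a lookup within the 300-second TTL touches nobody, and one after expiry goes straight back to the authoritative server because the long-lived delegations are still cached.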
  • risharde Patron Provider, Veteran

    @alilet said:
    If I want to query a DNS then I can use some public ones like Google, CloudFlare etc. But they apply rate limits if you cross a certain threshold. What I have seen is that the threshold is very high, but still, what if I want to use my own DNS? My questions are:

    1. Does it require high RAM or CPU i.e. the more the queries the more resources required? Is there some number available regarding this?

    Just thought I would share my experience, especially from when I built onddns in December last year (2021). This is based on my custom code and not standard dns software like bind or power dns etc. I was rather surprised to learn that queries are much more sporadic than one would imagine. You can't just count that people will know your domain and do a dns query; there are crazy bots out there randomly calling your domain (especially if it's an old or known domain). Numbers are hard to say because of this. My experience so far is that dns servers generally use low cpu, especially if you are using a personal one just for your domain alone. With just about 20 domains on onddns, I see between 1000 to 9000 requests per hour (x 10 servers), not all of which are equally balanced.

    Ram/memory is quite negligible and inconsequential at these small domain counts.

    2. From where will my DNS get data? Will my DNS request data from another DNS or will it store all data locally? I mean, if it will get it from another DNS then it doesn't really serve my purpose because you are just forwarding the request to another DNS, right!?

    It would be dumb and hilarious if I answer this wrongly considering I coded a dns service but I will attempt to answer this.

    So if you host your own dns, this would 'assumably' mean you set your domain to point to your personal dns server(s) - at least 2 on different networks are preferable.

    When someone looks up your domain, they usually look it up from a public dns server. This public dns server would query your dns server for, let's say, the A record. I think the public server checks the ttl for this record and tries to respect the ttl by keeping the answer it got for the ttl period. If the public dns sees that the ttl has expired, it re-queries your personal server again (think of it like a refresh). So you basically still need to rely on your personal dns server since it remains the source server. I hope I read and answered you correctly.

    If you have a normal domain for a normal site, unless you need low ttls, I'm not sure you really need to maintain your own dns; it sounds more like an extra hassle. Just use your domain registrar's (they don't really have any noticeable limits as far as I have ever noticed) and you don't need to maintain infrastructure for your domains.

    Thanked by 2: emgh, alilet
  • emgh Member

    @risharde said:

    @alilet said:
    If I want to query a DNS then I can use some public ones like Google, CloudFlare etc. But they apply rate limits if you cross a certain threshold. What I have seen is that the threshold is very high, but still, what if I want to use my own DNS? My questions are:

    1. Does it require high RAM or CPU i.e. the more the queries the more resources required? Is there some number available regarding this?

    Just thought I would share my experience, especially from when I built onddns in December last year (2021). This is based on my custom code and not standard dns software like bind or power dns etc. I was rather surprised to learn that queries are much more sporadic than one would imagine. You can't just count that people will know your domain and do a dns query; there are crazy bots out there randomly calling your domain (especially if it's an old or known domain). Numbers are hard to say because of this. My experience so far is that dns servers generally use low cpu, especially if you are using a personal one just for your domain alone. With just about 20 domains on onddns, I see between 1000 to 9000 requests per hour (x 10 servers), not all of which are equally balanced.

    Ram/memory is quite negligible and inconsequential at these small domain counts.

    2. From where will my DNS get data? Will my DNS request data from another DNS or will it store all data locally? I mean, if it will get it from another DNS then it doesn't really serve my purpose because you are just forwarding the request to another DNS, right!?

    It would be dumb and hilarious if I answer this wrongly considering I coded a dns service but I will attempt to answer this.

    So if you host your own dns, this would 'assumably' mean you set your domain to point to your personal dns server(s) - at least 2 on different networks are preferable.

    When someone looks up your domain, they usually look it up from a public dns server. This public dns server would query your dns server for, let's say, the A record. I think the public server checks the ttl for this record and tries to respect the ttl by keeping the answer it got for the ttl period. If the public dns sees that the ttl has expired, it re-queries your personal server again (think of it like a refresh). So you basically still need to rely on your personal dns server since it remains the source server. I hope I read and answered you correctly.

    If you have a normal domain for a normal site, unless you need low ttls, I'm not sure you really need to maintain your own dns; it sounds more like an extra hassle. Just use your domain registrar's (they don't really have any noticeable limits as far as I have ever noticed) and you don't need to maintain infrastructure for your domains.

    yes

    Thanked by 1: risharde
  • Aayushi Member

    Here are some advantages of having own DNS:

    • Your ISP will have a harder time tracking which websites you visit, giving you increased privacy.
    • Reduced interference from your ISP's ability to impose minor restrictions on a particular site.
    • You have more control over your surroundings. For example, you may now track which sites are being searched up (it'd be interesting to know what that black box linked to the internet is up to), ban a site you don't like, or create an internal domain.
  • szymonp Member

    If your country does domain bans, you will bypass them.

  • Kousaka Member

    1. Yes.
    2. You get DNS data from other servers. Google the keyword “authoritative DNS server” to get more information. Data acquired from other servers is often stored locally, for some time, as a cache.

    Can you really bypass the thresholds set by public servers? Probably no. Your server has to get data from other servers, who often set their own limits. Consequently, you’ll still be hit by errors.

  • lebuser Member

    @Kousaka said: Can you really bypass the thresholds set by public servers? Probably no. Your server has to get data from other servers, who often set their own limits. Consequently, you’ll still be hit by errors.

    When you use public recursive name servers then you send all DNS requests to a limited number of servers. But when you use your own recursive name server then you send requests to the root name servers and other authoritative name servers on the internet. It should mean the requests are distributed over more name servers. Shouldn't that make a difference?

  • jar Patron Provider, Top Host, Veteran

    It's just another thing to manage. I run my own but I keep mirrors on public DNS systems so I can just swap when I get sick of it for whatever reason. Last time it was a powerful DDoS and I just wanted a nap.

  • kevinds Member, LIR

    @stevewatson301 said:

    A project of mine involves consuming a stream of domain names and making hundreds of DNS resolutions per second. I can very well reach that limit, after which Cloudflare's and Google's public resolvers would return SERVFAIL responses, and this is on a consumer-grade ISP.

    Why? Seriously, why? I'm trying, but failing, to come up with any reasonable reasons to do this...

  • Kousaka Member

    @lebuser said:

    @Kousaka said: Can you really bypass the thresholds set by public servers? Probably no. Your server has to get data from other servers, who often set their own limits. Consequently, you’ll still be hit by errors.

    When you use public recursive name servers then you send all DNS requests to a limited number of servers. But when you use your own recursive name server then you send requests to the root name servers and other authoritative name servers on the internet. It should mean the requests are distributed over more name servers. Shouldn't that make a difference?

    Depends on how many requests you make. If the amount is large, authoritative name servers will probably consider this a DoS attack. I'm not sure about what OP is planning to do; maybe his own recursive server could solve his problem.

  • @kevinds said:

    @stevewatson301 said:

    A project of mine involves consuming a stream of domain names and making hundreds of DNS resolutions per second. I can very well reach that limit, after which Cloudflare's and Google's public resolvers would return SERVFAIL responses, and this is on a consumer-grade ISP.

    Why? Seriously, why? I'm trying, but failing, to come up with any reasonable reasons to do this...

    Discovering phishing and malware domains.

    Thanked by 1: risharde