what dns do you use for resolve.conf
Oldmanasking
Member
in General
I am using 1.1.1.1 and 1.0.0.1 (Cloudflare). What about you?
Comments
127.0.0.1
Suspicious_oldman.jpg
Normally goggles, 8.8.8.8 or 8.8.4.4
Tinfoil hat ensues
1.1.1.1
8.8.8.8
192.168.1.1
localhost
Datacenters DNS usually plus 8.8.8.8 + 1.1.1.1 or opendns too.
I tried 1.1.1.1 briefly, but it lowercases all PTR responses. Compare:
and
The latter looks like trash IMO, and for no good reason. Removed that one from all my hosts and will never use it.
For one where the company's primary job is something else other than spying on your queries, I like NTT's public resolvers:
But the first line in that list in most cases will be 127.0.0.1 with an instance of unbound running.
We save a critical 1 byte of storage by leaving the 'e' off the end.
1.1.1.1 and 1.0.0.1 is better as it's faster.
Cloudflare blocks 2 out of 11 VPS providers that I use by default. If you have cheapo providers they may be on some blocklists. So when I assign ip123.mydomain.tld an A record or even AAAA it can't be resolved. After some changes, cat /etc/resolv.conf
nameserver 10.1.1.1
nameserver 192.168.20.20
nameserver 8.8.4.4
nameserver 1.1.1.1
root@lowcalhost:~#
First DNS is datacenter, second DNS local VM server, then Google, then CF last. I recommend putting your local ISP DNS before CF/Google.
If your datacenter provides DNS, then you should either use that or create your own resolvers. The response time will always be faster.
127.0.0.1 is the fastest.
Keep in mind only the first three entries are ever used, no matter how many you add. True story.
Across Google's, CF's, NTT's, or running my own, I have never run into a situation where I'd say "gosh, this DNS is so slow! I wish it would be just a bit faster!" We're long past the point of DNS being slow (just don't use the ISP and DC ones which can be plain misconfigured and broken), so if you believe you absolutely must have CF (and their spying) to make it "fast", then you are just a brainwashed victim of their marketing, simple as that.
opennic.org
Also note that glibc tries each server in sequence and tries the next only after one times out, while musl queries them all in parallel.
Thanks for the pointer. Do they have a privacy policy?
which causes DNS traffic to triple with the intention to intentionally discard 2/3 of all responses?
Doesn't sound like a great deal to me.
Personally I'd prefer something "more intelligent" like BIND's forwarding algorithm, which continuously measures RTT among all configured forwarders, assigning faster servers a more preferred weight.
Source: https://docstore.mik.ua/orelly/networking_2ndEd/dns/ch02_06.htm
Correct. Justification and mitigations are on the wiki page too.
But IMO worse is when your first one (or two) servers are dead, and glibc gets stuck at every DNS query.
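What several posts above describe (only the first three nameserver entries are used; glibc asks them in sequence, so a dead first entry stalls every lookup), as an added example that is not part of any post in the thread. It assumes glibc's defaults and caps (3 servers, 5 s timeout, 2 attempts); the function names and the sample file are constructed for illustration.

```python
# Added example: read a resolv.conf the way glibc's stub resolver does.
MAXNS = 3                      # glibc uses at most three nameserver lines
DEFAULTS = {"timeout": 5, "attempts": 2, "rotate": False}   # glibc defaults
CAPS = {"timeout": 30, "attempts": 5}                       # glibc upper limits

# Constructed sample, modelled on the four-entry file quoted in the thread.
SAMPLE = """\
nameserver 10.1.1.1
nameserver 192.168.20.20
nameserver 8.8.4.4
nameserver 1.1.1.1
"""

def parse(text):
    """Return (nameservers in file order, effective options)."""
    servers, opts = [], dict(DEFAULTS)
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":      # blank line or comment
            continue
        if fields[0] == "nameserver" and len(fields) > 1:
            servers.append(fields[1])
        elif fields[0] == "options":
            for opt in fields[1:]:
                name, _, value = opt.partition(":")
                if name == "rotate":
                    opts["rotate"] = True
                elif name in CAPS and value.isdigit():
                    opts[name] = min(int(value), CAPS[name])
    return servers, opts

def lint(text):
    servers, opts = parse(text)
    used, ignored = servers[:MAXNS], servers[MAXNS:]
    # Without "rotate", every lookup starts at the first entry; entry k is only
    # asked after each earlier one has timed out on the first pass.
    delay = {s: i * opts["timeout"] for i, s in enumerate(used)}
    return {"used": used, "ignored": ignored, "options": opts,
            "delay_if_earlier_dead": delay}

if __name__ == "__main__":
    for key, value in lint(SAMPLE).items():
        print(f"{key}: {value}")
```

With `options rotate` the starting entry changes per query, so the delay figures describe the non-rotating case only.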
Quad 9 + a couple hand selected and checked daily regional servers from halfway decent orgs.
Plus a good local cache.
And: glibc is sh_tty? Who woudda thought that?!!
But: There are some widely unknown resolver parameters to somewhat tune it.
Here is what I push to all my servers.
NTT, HE.net and Verisign.
All pretty quick (anycast), support ANY, no dns hijacking, and probably not farming my personal data.
dnscrypt-proxy using these
- 0ms cisco-familyshield
- 1ms adguard-dns-family
- 1ms cleanbrowsing-family
Quad9, Layer3/CenturyLink, or my own DNS servers.
I used to use Google DNS, then switched to CloudFlare, then CloudFlare started heavily rate limiting the OVH network so I switched back to Google. I use Q9 in some stuff.
8.8.8.8
same here. My 1st one is CF, second is Google.
69.69.69.69 if all else fails 666.666.666.666
8.8.4.4 and 1.1.1.1, first Google and then CF.
I had forgotten about options rotate: that's a good tip
dns.google