Compare quad9 vs cloudflare in DNS Resolver
chudak last edited by chudak
Can someone enlighten me how to interpret this results please
and why i see no data in "DNS Resolver Infrastructure Cache Stats" ?
Wow nobody knows this ?
You are running in forwarding mode so you see far less info there than you would as a caching resolver.
Your RTT to Cloudflare is very bad!
Wonder what control do I have to improve RTT ?
And how exactly this can be seen by an end user?
Well in your case that is extreme, 7 seconds! I doubt it's ever using 18.104.22.168 when quad9 return results in 94ms.
That does seem like such a bad result it might just have been an anomaly. Does it still show that?
Same RTT to 22.214.171.124 if you add that? Similar values if you just ping those IPs?
chudak last edited by chudak
Mmm, weird. Try tracerouting to 126.96.36.199. Compare it with 188.8.131.52. I expect those to be similar.
You understand that what your doing there with all those different forwarders is horrible setup right? If your going to forward, then you need to forward to NS that return the same results.
You have filtering NS and non filtering NS listed. So while 1 might block www.baddomain.tld - the other one wont.. So you have no idea what your client is going to get or which one will be asked.
If you want to use a filtering dns like quad 9, then do so - but don't also list google dns as one of the NS you forward too, since they do not filter..
Hmm I actually thought that 184.108.40.206, 220.127.116.11 and 18.104.22.168 all do filtering. Enabled 22.214.171.124 only for now.
It seems that sometimes it's fast and sometime is not.
Here are tracerouts :
traceroute to 126.96.36.199 (188.8.131.52), 64 hops max, 40 byte packets
1 lo0.bras1.snfcca14.sonic.net (184.108.40.206) 1.017 ms 0.917 ms 0.353 ms
2 0.ae10.cr2.colaca01.sonic.net (220.127.116.11) 17.276 ms 21.567 ms 21.981 ms
3 0.ae0.cr3.colaca01.sonic.net (18.104.22.168) 508.156 ms 444.347 ms 429.213 ms
4 * 0.ae0.cr2.lsatca11.sonic.net (22.214.171.124) 4708.927 ms *
5 50.ae4.gw.pao1.sonic.net (126.96.36.199) 1.906 ms 1.960 ms 1.702 ms
6 188.8.131.52 (184.108.40.206) 13.022 ms 6.051 ms 10.537 ms
7 one.one.one.one (220.127.116.11) 4.370 ms 4.123 ms 4.224 ms
traceroute to 18.104.22.168 (22.214.171.124), 64 hops max, 40 byte packets
1 lo0.bras1.snfcca14.sonic.net (126.96.36.199) 1.213 ms 0.994 ms 0.423 ms
2 0.ae10.cr2.colaca01.sonic.net (188.8.131.52) 12.407 ms 21.631 ms 21.147 ms
3 0.ae0.cr3.colaca01.sonic.net (184.108.40.206) 55.187 ms 116.384 ms 21.967 ms
4 0.ae0.cr2.lsatca11.sonic.net (220.127.116.11) 4625.031 ms * *
5 50.ae4.gw.pao1.sonic.net (18.104.22.168) 1.797 ms 1.972 ms 1.983 ms
6 22.214.171.124 (126.96.36.199) 9.973 ms 5.269 ms 5.514 ms
7 one.one.one.one (188.8.131.52) 4.162 ms 4.074 ms 4.393 ms
No. Google Public DNS is purely a DNS resolution and caching server; it does not perform any blocking or filtering of any kind, except that it may not resolve certain domains in extraordinary cases if we believe this is necessary to protect Google’s users from security threats.
Cloudflare is not suppose to be doing any filtering either - but quad 9 does.
Copy thx !