Using Gibsons DNS tool, and is the router the place for DNS proxy?
-
Steve Gibson provides this small free tool to evaluate DNS servers response times.
http://www.grc.com/dns/benchmark.htmAt home I use an ALIX box with PFSense 123Release. As it's configured, my internal PCs have DNS as the routers IP address.
I made a change to uncheck this option:
"Allow DNS server list to be overridden by DHCP/PPP on WAN" and set manual IP addresses to 4.2.2.2 and 4.2.2.3
as these were the fastest on my run of his tool.I rebooted, but for some reason DHCP addreses given by pfSense are still the router…
Anyway, the real question is - Gibson maintains that using the Router is a bad idea as the target IP for DNS.
He contends you can actually "crash the router" if it's configured this way.What say the pfSense community?
-
He can be a bit of a kook at times, and accurate others.
Using pfSense as your network's DNS server works fine, you can't "crash the router" that way - He may be referring to cheap SOHO routers like d-link/linksys/netgear/trendnet/buffalo/2-wire/etc, where there could be issues.
When using pfSense as the DNS server for your LAN systems, it will take the query from the client, and then run that query by every configured DNS server at the same time, and then use the fastest response, passing the answer back to the client.
-
Thanks JimP.
I usually listen to Leo and Steve's podcasts (here for those with some interest in what I'm talking about -
they can be found here: http://twit.tv/sn or on ITunes search Security Now) in the background while doing other things.
He sure can ramble..The words caught my attention. It will be intesting to hear from which side of the network he contends these "crashes" can source from. And yeah maybe linksys/belkin/dlink type devices. I think I did hear those names.
For those reading this thread, I'll revise it after next week if he discusses this. We'll see.
