Should I trust my ISP's DNS address?



  • Hi Everyone,

    I was just checking stats and I see this:

    99.99.99.99:8819 -> 55.55.55.55:53 MULTIPLE:SINGLE

    Where 99… is my WAN IP and 55... is my ISP's DNS IP. I have the following questions:

    1- Does the SINGLE mean that my router can't reach ISP's DNS server or does it mean that ISP's DNS server can't reach my pfSense v1.2.3?

    2- Should I create a firewall route which is destined to my router IP (192.168.0.1) which allows port 53 from my ISP? Why should I do it if "Yes"?

    3- I have previously used Google's DNS servers of 8.8.8.8 and 8.8.8.4 and they work beautifully and quite fast as well but what are the advantages and disadvantages of using Google's DNS or my ISP ones?

    Thanks



  • What stats? Is that from your firewall logs, the states or something else?

    Using Google's DNS means that anything that relies upon estimating your location (any of the content delivery networks for a start) assume you're based with Google's DNS servers in the US. If you're actually somewhere else your downloads from that CDN will be slow.


  • Netgate Administrator

    I thought that 8.8.8.8 and 8.8.4.4 redirect to whichever of Google's sites is nearest you?
    http://code.google.com/speed/public-dns/faq.html#anycast

    I'm using them and I'm very happy. They seem faster and more reliable than my crappy ISP. I've had no problem with location based services.

    Steve

    Edit: 8.8.4.4, I should have said I'm in the UK.



    I have noticed them to be faster as well or at least be faster with loading Google and their cloud services (Gmail, Docs, etc…) but I am afraid they could be down and probably not my ISP who uses multi-tiered backbones and that's when I might suffer.

    Anyhow, I guess the more important part of my question related to the OpenVPN fault but I just noticed that I didn't include the error message from the VPN and so I doubt you can tell me anything from this. I will re-post if I catch it doing that again.

    Thanks



    Run dnsbenchmark http://www.grc.com/dns/benchmark.htm

    I used to use 8.8.8.8 and 8.8.4.4 but according to this Level 3's 4.2.2.1 is the fastest for me, followed by OpenDNS, then Google, then Comcast's.


  • Netgate Administrator

    Great program!  ;D
    Fascinating results. Takes a while though.
    Google's DNS nowhere near the quickest for me, however it's not surprising they seemed quicker to me as my ISP's DNS servers are returning hundreds of errors!  ::)

    Steve

