GRC's DNS Benchmark

  • I ran this tool to find the fastest DNS servers for me, and I am curious as to what exact settings I should be using in pfsense optimally. I assume the only settings I need to change are on the System: General Setup page. This is just for home use.

    Thank you for any help you can provide!

  • It doesn't matter. Every configured DNS server is queried simultaneously and it takes the fastest response.

  • Rebel Alliance Developer Netgate

    You can do your own benchmarking under Diagnostics > DNS Server, it will show you the response times for queries to all of your configured DNS servers.

    For extra fun, if you're on 2.0 with the DNS forwarder used for the system ( try the query twice - the second time should come from the cache and have a (practically) 0ms response time.

  • so I can't specify the DNS Servers I am using at all? Pfsense just picks the fastest ones? If I can specifiy them, do I put the fastest ones in the box and hit use gateways - WAN?

    Also my DNS Server shows as my router IP right now with IPCONFIG. Does it always stay like this unless I uncheck " Allow DNS Server list to be overridden …. " and restart the system?

    I will see if I can figure out how to do some benchmarks when I get home tonight and post em if I can.

  • Rebel Alliance Developer Netgate

    You set your firewall's DNS servers under System > General (or it can get them from DHCP/PPP)

    Those are the ones queried by the firewall, and the clients query the firewall for DNS.

  • I tried the DNS Lookup like you said and got 0ms on and 22-24ms on the DNS I entered in. and I think.

  • Rebel Alliance Developer Netgate

    Yeah so the system is querying those two DNS servers and (when possible), caching the result. That should be plenty fast.

    You can always add more DNS servers in there like Google public DNS ( / or DNS servers from your ISP.

  • Thank you for the help again. I will add my ISP and google's DNS as well as backups.

    I know I'm a noob in how DNS works and such, but I think with my old wirless router if the ISP DNS servers went down we lost internet and it didn't find other DNS servers to use. If that is the case, this makes pfsense very handy!

    I should lose internet basically never at this point with the backup DNS Servers and pfsense's awesome reliability. I have another quick question that I'm curious about. Would there be any advantage to using my Windows Home Server 2011 as my own DNS server? Would that be even faster or make any noticeable difference? I think it has this ability as it is based on Server 2008 and it can do this from a quick google search.

  • LAYER 8 Global Moderator

    If you want to run your own dns, you could just install the unbound package on pfsense - no need for MS dns, which I don't believe is viable on WHS anyway.. They really striped out the actual useful features of server with WHS, like dns.. Now maybe there is some patch or something to turn it back on?

    Or you could always just run bind on any box on your network, even your WHS, etc.

    But if you want to run your own dns, I would really check out unbound package.  Its be working great on my setup.  Has dnssec support and ipv6 support as well.  And has been pretty much rock solid, I keep hearing that it will be fully integrated into the 2.1 line vs a package which I am very much in favor of!

    Only thing that would be nicer would be to create package or easy howto in running full blown bind on pfsense.

Log in to reply