Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Apple TV // opendns // dns speed issues

    Scheduled Pinned Locked Moved DHCP and DNS
    21 Posts 3 Posters 10.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by

      "Interesting. My ISP's DNS returns 120.0.9.200 and 120.0.29.201 for www.abc.net.au and that is not the same as any of the results from the OpenDNS servers."

      Last time I checked AU was quite LARGE ;)  And I don't see any opendns in AU anywhere.  Closest prob Singapore…  So yeah your going to point somewhere else -- I am quite sure that akamai has servers in AU that your ISP prob resolves because its in the AU.  But when opendns looks to see where it should go, akamai has their dns setup using geoip to say oh your from Singapore -- you should use these servers.

      This is one of the flaws in opendns - they don't have full coverage of the planet, so not ever user is going to be using a dns server in their region.  So anything that uses geoip to determine where it should send you is going to be in error.

      Websense uses the same sort of thing for which proxy you should use in their cloud service, based upon source of where your dns query came from you get sent to different clusters.  For example if I ask my ISP dns I get

      ;; QUESTION SECTION:
      ;webdefence.global.blackspider.com. IN  TXT

      ;; ANSWER SECTION:
      webdefence.global.blackspider.com. 60 IN TXT    "Hello 68.87.72.137 (2C),  - you go to cluster-n"

      --
      ;; ANSWER SECTION:
      137.72.87.68.in-addr.arpa. 1294 IN      PTR     chic-dnssec02.area4.il.chicago.comcast.net.

      See that query came from my ISP dns 68.87.72.137, if I do a query from my own IP using my own BIND server I get same thing - because I am also in the Chicago area

      ;; ANSWER SECTION:
      webdefence.global.blackspider.com. 60 IN TXT    "Hello 24.13.xx.xx (2C),  - you go to cluster-n"

      If I use my VPS out in CA I get told to use a different cluster

      ;; ANSWER SECTION:
      webdefence.global.blackspider.com. 120 IN TXT   "Hello 173.245.xx.xx (2W),  - you go to cluster-g"

      You might want to look for different service other than opendns that has dns located in AU, or your going to have all kinds of issues with any sort of cloud service that uses geoip to send you to the closest server for where your request came from.

      It would be a never ending battle trying to over ride all the domains that use geoip based results.

      edit:  question for you, what is the response time when using opendns.  I am here in chicago, which they are suppose to have one in the area.  And I get 30ms response

      ubuntu:~$ ping 208.67.222.220
      PING 208.67.222.220 (208.67.222.220) 56(84) bytes of data.
      64 bytes from 208.67.222.220: icmp_req=1 ttl=52 time=36.6 ms
      64 bytes from 208.67.222.220: icmp_req=2 ttl=52 time=32.2 ms
      64 bytes from 208.67.222.220: icmp_req=3 ttl=52 time=33.3 ms

      I am curious what your response time is - if in fact the closest one to you is in Singapore.

      Look even here in chicago its like 40ms to get a response from them

      ; <<>> DiG 9.8.1-P1 <<>> @208.67.222.222 www.google.com
      ; (1 server found)
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60922
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

      ;; QUESTION SECTION:
      ;www.google.com.                        IN      A

      ;; ANSWER SECTION:
      www.google.com.        189    IN      A      74.125.225.176
      www.google.com.        189    IN      A      74.125.225.179
      www.google.com.        189    IN      A      74.125.225.180
      www.google.com.        189    IN      A      74.125.225.178
      www.google.com.        189    IN      A      74.125.225.177

      ;; Query time: 39 msec
      ;; SERVER: 208.67.222.222#53(208.67.222.222)
      ;; WHEN: Fri Jan  4 10:03:47 2013
      ;; MSG SIZE  rcvd: 112

      If I query my isp (comcast) its much lower

      ; <<>> DiG 9.8.1-P1 <<>> @75.75.75.75 www.google.com
      ; (1 server found)
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49553
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

      ;; QUESTION SECTION:
      ;www.google.com.                        IN      A

      ;; ANSWER SECTION:
      www.google.com.        39      IN      A      74.125.225.211
      www.google.com.        39      IN      A      74.125.225.210
      www.google.com.        39      IN      A      74.125.225.212
      www.google.com.        39      IN      A      74.125.225.208
      www.google.com.        39      IN      A      74.125.225.209

      ;; Query time: 18 msec
      ;; SERVER: 75.75.75.75#53(75.75.75.75)
      ;; WHEN: Fri Jan  4 10:05:32 2013
      ;; MSG SIZE  rcvd: 112

      Like to see the same sort of tests for you..  I did a quick search and did not come up with any alternatives for opendns that have locations in the AU/NZ region of the world.  If what your wanting to do is filter via dns for your specific machines in your network.  Maybe you want to setup your own filtering so that its local.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.