Use dnsmasq as forwarder, but have more than four upstream DNS servers



  • Hi,

    I'm using dnsmasq as the default DNS forwarder. I list my upstream DNS servers under System|General.

    It is my understanding that dnsmasq queries all the listed upstream DNS servers in parallel and then goes with the one who answers first. Here where I am, the internet as well as the DNS services can get a little flaky at times. Thus, I was wondering if my performance would improve if I somehow could list more than four DNS servers under System|General. In other words, if I list more, the chances are better of getting a quicker response. Is this reasoning correct at all?

    If so, how would I go about setting up additional upstream servers?

    Thanks,


  • LAYER 8 Global Moderator

    So why not just use your ISP's DNS? This should be the closest to you, and I would hope it has the best connection.

    4 NS is a lot to send queries to.. Why don't you do some testing of which DNS in your area is best and then use those? While the GUI limits you, there is prob a way to do it from the conf file.. but off the top of my head I'm not sure, would have to look into it.



  • Thanks for replying. Yeah the thing is the ISP seems to intermittently have high latencies on their DNS servers. They said they are looking into it, but it has been going on for a while now. Might be time to move on to a different ISP one might say…

    It seems one just adds entries to the /var/etc/resolv.conf file. Simple as that. But, like you said, it possibly won't make sense to query lots of DNS servers. As soon as I get the time I'll try out Google's software for evaluating DNS latencies.


  • LAYER 8 Global Moderator

    But that would most likely get reset; not good to manipulate files directly with pfSense.



    Agreed. I was more thinking of just trying it out that way first. But you are right, the alterations will be gone after reboot. One would probably have to set a cron job to copy/replace from another location at regular intervals or something like that.

    However, am I correct in thinking that dnsmasq queries everything at once and then takes the response from the quickest replier? Sort of implying the more DNS servers specified the merrier? Bear in mind I'm not very clued up on how dnsmasq really works etc.


  • Banned

    Errr… kinda useless exercise to change the System - General number?!

    https://github.com/freebsd/freebsd/blob/master/include/resolv.h#L128
    https://www.freebsd.org/cgi/man.cgi?resolv.conf

    (Not sure if/how this MAXNS limit is patched on pfSense.)


  • LAYER 8 Global Moderator

    "am I correct in thinking that dnsmasq queries everything at once and then takes the response from the quickest replier?"

    Yes, you can have it set up that way if you don't check the sequential checkbox in the forwarder section.

    Query DNS servers sequentially
    If this option is set, pfSense DNS Forwarder (dnsmasq) will query the DNS servers sequentially in the order specified (System - General Setup - DNS Servers), rather than all at once in parallel.

    But why do you think asking 6 servers is going to be faster than 4 servers? Why not do some testing with the DNS servers you would like to forward to and see which 4 do the best? While in general DNS queries are not all that large, with your logic you might as well just query say 100 of them.. You're talking a lot of extra traffic to do a simple query.. Normally you're only talking a few ms difference anyway.

    If your ISP DNS sucks - for example, Comcast DNS used to really blow. And I used Level 3; 4.2.2.2 was my go-to nameserver ;) But then Comcast did some work on theirs and even went anycast, etc. etc. And they seem to be ok now - but I have moved on to just running my own resolver… Much better, more secure with DNSSEC if you ask me. I would always rather get something I am looking up from the horse's mouth than someone else ;)
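Added example, not from the thread or from dnsmasq/pfSense itself: a small Python model of the two modes the quoted help text describes (all servers at once with the first reply winning, versus one server at a time in the listed order), run over constructed per-server latency samples that include an intermittently flaky upstream, which is the situation the original question asks about. The timeout value, the server names and all timings are assumptions.

```python
"""Model of the two dnsmasq forwarding modes discussed above, on constructed data.

A "round" is one client lookup. Each server's value is the milliseconds it took
to reply in that round, or None if it never replied (timed out). This is a
simplified model for comparison only, not dnsmasq's own logic.
"""
from statistics import median

TIMEOUT_MS = 2000  # assumed wait before a sequential forwarder moves to the next server

# Constructed sample: four upstreams; A and B are fast but intermittently flaky.
ROUNDS = [
    {"A": 12, "B": 15, "C": 40, "D": 35},
    {"A": 14, "B": None, "C": 38, "D": 33},
    {"A": None, "B": 900, "C": 41, "D": 36},
    {"A": 11, "B": 16, "C": 39, "D": 34},
]


def parallel_first_answer(round_):
    """All servers are asked at once and the first reply wins (sequential box unchecked).

    Returns (latency_ms or None, number of queries sent).
    """
    answered = [t for t in round_.values() if t is not None]
    return (min(answered) if answered else None), len(round_)


def sequential(round_, order, timeout=TIMEOUT_MS):
    """Servers are tried in the listed order; each non-answer costs a full timeout.

    Returns (latency_ms or None, number of queries sent).
    """
    elapsed = 0
    for tried, name in enumerate(order, start=1):
        if round_[name] is not None:
            return elapsed + round_[name], tried
        elapsed += timeout
    return None, len(order)


def summarize(results):
    """Median and worst-case latency over rounds that got an answer, plus total queries."""
    answered = [t for t, _ in results if t is not None]
    return {"median_ms": median(answered), "worst_ms": max(answered),
            "queries": sum(q for _, q in results)}


def compare(rounds, order):
    """Side-by-side cost of both modes for the same set of lookups."""
    return {"parallel": summarize([parallel_first_answer(r) for r in rounds]),
            "sequential": summarize([sequential(r, order) for r in rounds])}
```

Calling compare() with a fifth, always-slower server appended to each round leaves the parallel latencies unchanged while adding one query per lookup, which is the traffic trade-off raised in the reply above.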



    Thanks for the advice. Yes, the internet here where I am is a little intermittent and nameservers don't tend to perform the same from week to week. Which is why I'm going the shotgun route. But 8.8.8.8 seems to be pretty stable here, though not as quick as the ISP's.

    I agree with you on running one's own resolver - I did that at some point but the latency is just very bad.



  • You might want to take a look at Steve Gibson's DNS Benchmark tool. It benchmarks about 70 commonly used public IPv4 DNS servers, and I think you can even add additional servers, if the ones you're using aren't already in the list.

    After you do the basic benchmark, you also have the option of having it generate a custom list of 50 servers from over 4,000 servers worldwide.

    You might find servers that are better/faster than the ones you're using.

