Hey gang, I’m considering using DNS4EU in Canada. My ping to their servers is ~130ms. That’s way longer than anything local which is on the order of 1-5ms. Apart from resolving uncached entries taking longer, is there any contraindication to using a DNS server with high latency?
- This is one of those things that if you really want to do it, you’ll have to live with the consequences.
  - I’m an American that VPNs everything first to my VPS then down a double hop commercial VPN tunnel that finally exits in Switzerland. DNS traffic also travels over that VPN tunnel so you’ll rightly guess that my DNS is rather slow too.
  - What I do is I run a resolver on the VPS (physically near me) that aggressively prefetches commonly queried DNS records. After years of using Unbound I found Blocky to be much, much faster (especially with huge blocklists). It’s to the point now where sure, it’s slower than a “normal” internet connection but it doesn’t feel slow to me anymore.
- Does it actually block thepiratebay, yts, 1337x? Lots of European DNS servers do.
  - Each of them returns the correct answer.
    - Protective Resolution - IP address 86.54.11.1
    - Protective + Child Protection - IP address 86.54.11.12
    - Protective + Ad blocking - IP address 86.54.11.13
    - Protective + Child Protection + Ad blocking - IP address 86.54.11.11
    - Unfiltered Resolution - IP address 86.54.11.100

        ;; ANSWER SECTION:
        thepiratebay.org. 300 IN A 162.159.137.6
        thepiratebay.org. 300 IN A 162.159.136.6
  - Could you test this? It would bring fact to the conversation instead of just doubt and workload.
 
- Well, this is selfhost, so why not do that and set up unbound to use?
  - Is unbound different than say dnsmasq that my router is running? Isn’t it just another DNS server that has to go to a higher DNS server for resolution?
    - Dnsmasq is dependent on whatever DNS servers you provide it with for its data, so if those controlling those DNS servers get ordered to block something you experience that.
    - Unbound however does the same job as the DNS servers you would configure in Dnsmasq: when you do a DNS request, unbound goes to the root hint servers, then works its way down through the authoritative DNS servers till it finds what you are requesting.

- Question for the general public. Why not use the DNS server provided by your ISP?
  - They already know what websites you visit, because TLS1.2 still leaks the hostname. They might as well provide some useful service in return.
  - Because they are court ordered to block some websites that I like to use.
    - Not if you use a VPN. Being that this is Selfhosted, the best idea is to just host your own Recursive DNS server.
 
- 130ms is perceivable but still quite small, and you’d only hit it once per domain (per TTL). If you care enough to intentionally use it then I wouldn’t worry about it. You’ll rarely notice the difference.
  - There are a few other services with similar ethos that you may want to check out as alternatives. Quad9 is the one I remember off the top of my head.
    - I’m getting 153 ms. I’m in Europe. Other DNS servers are like 40ms.
    - I was using Quad9 for quite some time, but I had consistent problems with the DNS sometimes not working.
      - In my local network I switched to pihole with unbound as the resolver. Though this does require a bit more setup. I have unbound set up to serve expired records from the cache & prefetch common queries, this helps with most of the delay.
      - On my phone I use dnsforge.de when I am not at home for example, and haven’t had any problems with unresponsive DNS so far.
 
- If you’re using a government run DNS, why not use the CIRA ones instead? https://www.cira.ca/en/canadian-shield/
  - I’m currently trying that but the proposed information sharing changes with the US in Bill ~~C-5~~ C-2 change the calculus. I’m sure part of the push comes from the American copyright lobby.
    - Fellow Canadian here, this has completely been off my radar. A quick search for Bill C-5 brings up the removal of trade barriers and tax cuts.
    - Can you point me to where the copyright nonsense is in the bill?
      - Sorry, C-2. 😄 It’s got some Patriot Act-y stuff in it. Look up coverage on it.

- There are many similar services like RethinkDNS that you should consider instead. 
- So you’re asking if there is any other way to work around physics and get a better response time to servers that are thousands of miles away?
  - No.
  - Sorry.
  - Not asking for a workaround. Asking if I’m missing some problem with using a slow DNS server I might run into, other than the obvious one.
    - The only task of a DNS server is (or should be) to tell you how to get to a resource you’re looking for by name. So, the only thing that is going to be realistically affected is your (initial) connection times. And, since this is c/selfhosted, if you are setting a decent DNS cache in your local network, that should be even less of an issue.
    - The only borderline scenario that I could see feasible, since this is c/selfhosted, is that some software you are setting up that requires nanosecond DNS resolution or somesuch silliness is going to fail or report false errors. But why would you even do that?
    - And that’s not even letting on that literally ALL DNS queries work from cache unless you are specifically doing a live query.
    - None of your software is. It’s asking your OS. Your OS is asking your resolver service. Your resolver service is asking your router. Your router is 5000% caching DNS queries.

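The local-cache setup that the replies above (and the pihole + unbound one earlier in the thread) describe, written out as an added example; this is my own Unbound config, not anything posted by a thread participant. It forwards uncached queries to DNS4EU (the "Protective" address quoted earlier in the thread) but prefetches and serves stale records, so clients almost never wait for the ~130 ms round trip. The LAN address, netmask and file paths are placeholders for your own.

```conf
# /etc/unbound/unbound.conf (placeholder path; distros differ)
server:
    interface: 127.0.0.1
    interface: 192.168.1.1              # placeholder: this box's LAN address
    access-control: 192.168.1.0/24 allow  # placeholder: your LAN
    access-control: 127.0.0.0/8 allow
    do-tcp: yes

    # Generous caches so records survive between visits.
    msg-cache-size: 64m
    rrset-cache-size: 128m

    # Refresh popular records shortly before their TTL runs out, so the
    # slow upstream round trip happens in the background, not on a client's
    # first lookup.
    prefetch: yes
    prefetch-key: yes                   # same for DNSKEY records

    # If a record has just expired, hand out the stale copy right away and
    # refresh it afterwards. The client timeout gives the upstream 1.8 s to
    # answer before the stale record is used; serve-expired-ttl caps how
    # long past expiry a record may still be served (here one day).
    serve-expired: yes
    serve-expired-client-timeout: 1800
    serve-expired-ttl: 86400

    # Optional: do not honour upstream TTLs shorter than 5 minutes. This
    # keeps the cache warm longer but delays seeing legitimate DNS changes.
    cache-min-ttl: 300

    # Keep validating DNSSEC locally even though answers come via a
    # forwarder; the root trust anchor file is managed by unbound-anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"   # placeholder path

# Forward everything we do not have cached to DNS4EU. Note the trade-off
# from the dnsmasq/unbound discussion above: forwarding means DNS4EU's
# filtering policy applies to every uncached answer.
forward-zone:
    name: "."
    forward-addr: 86.54.11.1            # DNS4EU Protective, from the thread
    # To recurse from the root servers yourself instead (no upstream policy
    # at all), delete this forward-zone block and set in "server:":
    #     root-hints: "/usr/share/dns/root.hints"   # placeholder path
```

After editing, `unbound-checkconf` validates the syntax, and `dig example.com @127.0.0.1` twice in a row shows the second answer served from cache with a near-zero query time.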
- gimping your dns’ ping just to use something non-american won’t change orange man’s policies. use a private dns close to you. 
- Does DNS ping really matter unless you’re making a lot of random uncached requests?
  - Probably not.