Discussion:
GCI DNS servers
barsalou
17 years ago
Permalink
Is it only me or are other folks seeing problems with the GCI DNS
servers not serving up responses every once in a while?

Mike B.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Scott Keller
17 years ago
Permalink
I'm just a chronic lurker, but it's not just you....sigh.....
Post by barsalou
Is it only me or are other folks seeing problems with the GCI DNS
servers not serving up responses every once in a while?
Mike B.
Damien Hull
17 years ago
Permalink
Just put up your own DNS server and call it a day. I'm not a BIND expert
but I think all you need to do is install it and turn it on. I think
it's caching DNS by default.

If you are on Debain / Ubuntu it's "sudo apt-get install bind9". The
end. :-)
Post by Scott Keller
I'm just a chronic lurker, but it's not just you....sigh.....
Post by barsalou
Is it only me or are other folks seeing problems with the GCI DNS
servers not serving up responses every once in a while?
Mike B.
---------
with 'unsubscribe' in the message body.
Royce Williams
17 years ago
Permalink
Post by Damien Hull
Just put up your own DNS server and call it a day. I'm not a BIND expert
but I think all you need to do is install it and turn it on. I think
it's caching DNS by default.
I must respectfully disagree, as I think that I did the last time that
a thread like this went this direction.

The whole point of the design of the DNS infrastructure is to
distribute load. Everyone running their own server doesn't scale.

I encourage anyone with this symptom to document it -- perhaps by
using Nagios or otherwise monitoring your provider's DNS
responsiveness over a period of time -- and reporting it to your
provider, whether it be GCI, ACS, AT&T, Clearwire, AP&T, TelAlaska, or
Joe's ISP and Sandwich Shop. :)

Royce
--
Royce D. Williams - IP Engineering, ACS
http://www.tycho.org/royce/ - PGP: 3FC087DB/1776A531
Be kind, for everyone you meet is fighting a hard battle. - Plato
Royce Williams
17 years ago
Permalink
hello, me
Talking to yourself is a sign of impending mental collapse.
I must respectfully disagree, as I think that I did the last time that
a thread like this went this direction.
The whole point of the design of the DNS infrastructure is to
distribute load. Everyone running their own server doesn't scale.
That being said, running a caching-only nameserver that uses your
ISP's DNS servers as forwarders would be both efficient and
educational, and I personally encourage that.
I encourage anyone with this symptom to document it -- perhaps by
using Nagios or otherwise monitoring your provider's DNS
responsiveness over a period of time -- and reporting it to your
provider, whether it be GCI, ACS, AT&T, Clearwire, AP&T, TelAlaska, or
Joe's ISP and Sandwich Shop. :)
Of course, if you're running an important service and your provider's
DNS is acting up, it's a good idea to follow Damien's advice to
address the symptom in the short term -- as long as you follow up with
diagnosing the problem, helping your ISP get back on track, and
switching back to using them when the problem has been resolved.

Some interesting references:

98% of DNS Queries at the Root Level are Unnecessary
http://www.sciencedaily.com/releases/2003/01/030124074245.htm

Is Your Caching Resolver Polluting the Internet?
http://dns.measurement-factory.com/writings/wessels-netts2004-slides.pdf

DNS Measurements at a Root Server
http://www.caida.org/outreach/papers/2001/DNSMeasRoot/dmr.pdf


... and there's one more excellent paper that I'm having trouble
locating at the moment; if/when I find it, I'll follow up.

Royce
--
Royce D. Williams - IP Engineering, ACS
http://www.tycho.org/royce/ - PGP: 3FC087DB/1776A531
Words are good servants but bad masters. - Aldous Huxley
barsalou
17 years ago
Permalink
Post by Royce Williams
98% of DNS Queries at the Root Level are Unnecessary
http://www.sciencedaily.com/releases/2003/01/030124074245.htm
Is Your Caching Resolver Polluting the Internet?
http://dns.measurement-factory.com/writings/wessels-netts2004-slides.pdf
DNS Measurements at a Root Server
http://www.caida.org/outreach/papers/2001/DNSMeasRoot/dmr.pdf
Royce, Have you used or are you using dnstop?

Looks like an interesting tool. Where are the links to fix these
problems? Maybe I missed it in the text?

Mike B.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Royce Williams
17 years ago
Permalink
Post by barsalou
Post by Royce Williams
98% of DNS Queries at the Root Level are Unnecessary
http://www.sciencedaily.com/releases/2003/01/030124074245.htm
Is Your Caching Resolver Polluting the Internet?
http://dns.measurement-factory.com/writings/wessels-netts2004-slides.pdf
DNS Measurements at a Root Server
http://www.caida.org/outreach/papers/2001/DNSMeasRoot/dmr.pdf
Royce, Have you used or are you using dnstop?
Definitely. An excellent tool. I have noticed that leaving it
running on some OSes can cause a bit of system load.

I haven't used the other tools that the Measurement Factory guy
mentions (DSC).
Post by barsalou
Looks like an interesting tool. Where are the links to fix these
problems? Maybe I missed it in the text?
The recommendations that I found most helpful were in the article that
I have yet to locate. :)

In a general sense, using your ISP's servers should reduce load on the
roots, and you also benefit from a significant shared cache. Auditing
your zones with the dnstop '-l' option set to 3 or 4 (or more) and
then switching to the query view depth (Alt-3, Alt-4, etc.) will
reveal a lot about what queries you're making.

***@heffalump$ sudo dnstop -l 5 [interface name]

Seeing a bunch of queries like this means that your resolver is trying
to look up


hostname 34
hostname.mydefaultdomain.org 34
anotherhost 23
anotherhost.mydefaultdomain.org 23


Seeing lots of bogus domains or un-fully-qualified hosts means that
your internal servers are leaking requests for their siblings:

wpad 113 0.6
local 107 1.5
mom 102 0.5
belkin 24 0.3


And the Measurement Factory guys have some built-in filters for bad
queries:

Available filters:
unknown-tlds
A-for-A
rfc1918-ptr


Royce
--
Royce D. Williams - IP Engineering, ACS
http://www.tycho.org/royce/ - PGP: 3FC087DB/1776A531
Man is born to live, not to prepare for life. - Boris Pasternak
Arthur Corliss
17 years ago
Permalink
Post by Royce Williams
I must respectfully disagree, as I think that I did the last time that
a thread like this went this direction.
The whole point of the design of the DNS infrastructure is to
distribute load. Everyone running their own server doesn't scale.
You're right in general, however, we are talking about a small group of
techies, the increase in load if all of AKLUG were to do it (much less all
LUG members worldwide) would be minor. And, quite frankly, I'd be remiss in
telling people not to when that's exactly what I've been doing for over a
decade.

Now, I'm not saying you should run local caching DNS on every box, I think
it's perfectly acceptable to run one DNS server at home, and assume you'll be
setting that DNS as the primary in your DHCP lease options (or statically)
for all your other hosts at home.

That said, if you do go down this road, please do so sensibly: whether or
not you're running DNS behind a NAT box you should still practice standard
security practices, which means you should only open DNS in your firewall to
your internal subnet, and it within the application itself you should have
ACLs restricting queries to that same LAN.

If anyone needs any pointers on this, let me know. It's a lot easier than
you think. Setting up a caching DNS server securely with ISC Bind talks
only a few minutes.

At the end of the day, I encourage everyone to do this. As
techies/geeks/hackers that's what we do, right? We learn how core
technologies work and use them to improve the quality of our lives (well,
at least the network ;-).
Post by Royce Williams
I encourage anyone with this symptom to document it -- perhaps by
using Nagios or otherwise monitoring your provider's DNS
responsiveness over a period of time -- and reporting it to your
provider, whether it be GCI, ACS, AT&T, Clearwire, AP&T, TelAlaska, or
Joe's ISP and Sandwich Shop. :)
I agree with this.

--Arthur Corliss
Live Free or Die
Leif Sawyer
17 years ago
Permalink
Is it only me or are other folks seeing problems with the GCI=20
DNS servers not serving up responses every once in a while?
Mike et al

Are you still seeing issues?
barsalou
17 years ago
Permalink
I was as of last night around 7pm. It was fairly regular...would work
for a while, stop working for a few minutes, work for awhile again.

Almost like a server was getting rebooted over and over.

Mike B.
Post by Leif Sawyer
Is it only me or are other folks seeing problems with the GCI=20
DNS servers not serving up responses every once in a while?
Mike et al
Are you still seeing issues?
---------
with 'unsubscribe' in the message body.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Continue reading on narkive:
Search results for 'GCI DNS servers' (Questions and Answers)
5
replies
Describe a data center?
started 18 years ago
programming & design
Loading...