CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

Michael_Bullut · September 26, 2018, 7:52am

Greetings Team,

Has anyone deployed the aforementioned in your individual networks? A quick test suggests it is quite fast compared with Google’s D.N.S. resolvers:

C:\Users\bullutm>ping 1.1.1.1

Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=3ms TTL=61
Reply from 1.1.1.1: bytes=32 time=4ms TTL=61
Reply from 1.1.1.1: bytes=32 time=8ms TTL=61
Reply from 1.1.1.1: bytes=32 time=4ms TTL=61

Ping statistics for 1.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 8ms, Average = 4ms

C:\Users\bullutm>

f93hbkzsjiihrpm2zn4n · September 26, 2018, 7:50am

Do note that ping response times are not a good indicator of DNS performance.

_Stephane_Bortzmeyer · September 26, 2018, 7:53am

a message of 162 lines which said:

Has anyone deployed the aforementioned in your individual networks?
A quick test suggests it is quite fast compared with Google's
D.N.S. resolvers:

Well, you don't test a DNS service with ICMP echo, for reasons you
certainly know.

Also, do not compare only public resolvers between themselves, also
compare with a local resolver (always the closest from the clients).

Michael_Bullut · September 26, 2018, 7:59am

Hi Ross,

How would you gauge good DNS performance?

_Stephane_Bortzmeyer · September 26, 2018, 8:15am

a message of 192 lines which said:

How would you gauge good DNS performance?

To test {XXX} performance, you use a {XXX} client, where XXX = DNS,
HTTP, SSH, LDAP, etc.

Colin_Johnston · September 26, 2018, 8:21am

also could use ripe atlas

Colin

_Stephane_Bortzmeyer · September 26, 2018, 9:18am

a message of 16 lines which said:

also could use ripe atlas

Which embeds clients for ICMP Echo, DNS, NTP, TLS, arbitrary TCP (with
some hacks), and, with serious limitations, HTTP.

Jens_Link · September 26, 2018, 9:28am

Michael Bullut <main@kipsang.com> writes:

Hi Ross,

How would you gauge good DNS performance?

quick and dirty:

jens@screen:~$ dig nanog.org @8.8.8.8 | grep "Query time"
;; Query time: 16 msec
jens@screen:~$ dig nanog.org @1.1.1.1 | grep "Query time"
;; Query time: 3 msec

Jens

_Stephane_Bortzmeyer · September 26, 2018, 9:56am

a message of 14 lines which said:

quick and dirty:

Indeed. For instance, the delay depends wether the cache it hot or
cold (measuring response time for an authoritative server is easier).

Tony_Finch · September 26, 2018, 10:10am

You can use dig -u to get microsecond resolution, e.g.

$ dig -u @131.111.8.42 nanog.org | grep time:
;; Query time: 611 usec

Tony.

Mike_Hammett · September 26, 2018, 11:14am

I recommend that eyeball networks don’t run any external recursive server for optimal CDN performance. Yes, some CDNs support other methods, but not all. If not all do, then the requirement remains.

Niels_Bakker · September 26, 2018, 11:34am

* nanog@ics-il.net (Mike Hammett) [Wed 26 Sep 2018, 13:14 CEST]:

I recommend that eyeball networks don't run any external recursive server for optimal CDN performance. Yes, some CDNs support other methods, but not all. If not all do, then the requirement remains.

+1

-- Niels.

Mike_Hammett · September 26, 2018, 11:59am

Seems like a good reason to not use Firefox.

Yoni_Radzin · September 26, 2018, 1:03pm

For Window’s clients, you might want to try out this freeware GRC tool for benchmarking DNS performance:

https://www.grc.com/dns/benchmark.htm

Cheers

John_L · September 26, 2018, 6:05pm

In article <87in2sy5eh.fsf@pc8.berlin.quux.de> you write:

quick and dirty:

jens@screen:~$ dig nanog.org @8.8.8.8 | grep "Query time"
;; Query time: 16 msec
jens@screen:~$ dig nanog.org @1.1.1.1 | grep "Query time"
;; Query time: 3 msec

Yeah, that's super reliable:

$ drill nanog.org @1.1.1.1 | grep "Query time"
;; Query time: 31 msec
$ drill nanog.org @1.1.1.1 | grep "Query time"
;; Query time: 18 msec

Valdis_Kletnieks · September 26, 2018, 6:44pm

Has anyone deployed the aforementioned in your individual networks? A quick
test suggests it is quite fast compared with Google's D.N.S. resolvers:

*Reply from 1.1.1.1 <http://1.1.1.1/>: bytes=32 time=3ms TTL=61*

3ms indicates you're hitting an instance that is fairly close by, network-wise.

Looking at your traceroute:

3 7 ms 13 ms 15 ms 10.98.0.233
4 7 ms 5 ms 4 ms one.one.one.one [1.1.1.1]

The instance is apparently on the same subnet as your CGN exit point. As such,
unless CloudFlare is deploying a *lot* of anycast instances, most people are
not going to have the joyous experience you have.

From my desktop, 1.1.1.1 is 7 network hops away, compared to 8.8.8.8's 10 hops,

but the extra 3 hops inside AS15169 probably don't leave the building, and may
not even leave the rack. Both are right around 6.9ms away - while *our* network
presence there is 4 hops and also 6.9ms away and traceroute is showing jitter
larger than the difference between our router and either DNS service...

Blake_Hudson · September 26, 2018, 6:59pm

I'm not a proponent of using 1.1.1.1, but CloudFlare does have a good CDN:

Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time<1ms TTL=58

Tracing route to one.one.one.one [1.1.1.1]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms xxxx
2 <1 ms <1 ms <1 ms xxxx
3 <1 ms <1 ms <1 ms xxxx
4 1 ms 1 ms 1 ms 209.152.151.8
5 1 ms 1 ms 1 ms 38.140.136.177
6 1 ms <1 ms <1 ms 38.140.136.74
7 <1 ms <1 ms <1 ms one.one.one.one [1.1.1.1]

Trace complete.

dig @1.1.1.1 cloudflare.com | grep 'Query time'
;; Query time: 1 msec
dig @1.1.1.1 nanog.org | grep 'Query time'
;; Query time: 28 msec

Josh_Luthman · September 27, 2018, 2:10pm

+1 for Yoni’s recommendation of DNS Benchmark (Windows only).

Grant_Taylor1 · September 27, 2018, 4:31pm

I've heard of multiple people running Steve's free DNS Benchmark utility on Mac OS X and Linux via Wine.