Tonight I installed dnsmasq as a caching DNS forwarder on our home network (under a VM, no less). Additionally, I changed our primary DNS servers to those hosted by OpenDNS. To double-check that things were working, I figured I’d whip up a quick script to make a bunch of DNS requests and give an average time. First round, I faced the OpenDNS server against Cox’s own. I’d never really benchmarked the Cox DNS servers, so this was quite enlightening:

andrew@ubuntu-server-vm:~$ php ./dns_bench.php
Average response time: 27.53
andrew@ubuntu-server-vm:~$ php ./dns_bench.php
Average response time: 158.58

This only serves to strengthen my belief that all cable ISPs are run by pharmacists.

To satisfy morbid curiosity, here are the results against the local dnsmasq daemon:

andrew@ubuntu-server-vm:~$ php ./dns_bench.php
Average response time: 0.21

That’s only about, oh, a 755x improvement. Hopefully that’ll sufficiently speed things up.
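The post does not reproduce dns_bench.php, so here is an added example (my code, not the author's script) of the same measurement in Python using only the standard library. It hand-builds a DNS A query, sends it over UDP to whichever resolver address is passed on the command line (an assumption; the original script's inputs are unknown), checks that the reply carries the transaction ID we sent, and averages the round trip. The embedded sample reply is constructed, not captured traffic, so the parsing can be exercised with no network at all.

```python
"""Minimal DNS latency benchmark over raw UDP, stdlib only (added example)."""
import random
import socket
import struct
import sys
import time


def build_query(name, qtype=1, txid=None):
    """Return (txid, packet) for a recursion-desired query of `name`/`qtype`."""
    if txid is None:
        # Random 16-bit ID: a forged reply has to guess it before we accept it.
        txid = random.randrange(0, 0x10000)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return txid, header + qname + b"\x00" + struct.pack(">HH", qtype, 1)  # class IN


def _skip_name(packet, pos):
    """Advance past a domain name, handling the two-byte compression pointer."""
    while True:
        length = packet[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:
            return pos + 2
        pos += 1 + length


def parse_response(packet, expected_txid):
    """Parse the header and A answers; reject a reply whose ID is not ours."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", packet[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: stale or spoofed reply")
    pos = 12
    for _ in range(qdcount):            # skip the echoed question section
        pos = _skip_name(packet, pos) + 4
    answers = []
    for _ in range(ancount):
        pos = _skip_name(packet, pos)
        rtype, _rclass, ttl, rdlength = struct.unpack(">HHIH", packet[pos:pos + 10])
        pos += 10
        rdata = packet[pos:pos + rdlength]
        pos += rdlength
        if rtype == 1 and rdlength == 4:
            answers.append((socket.inet_ntoa(rdata), ttl))
    return {"rcode": flags & 0x000F, "answers": answers}


def average_latency_ms(server, names, timeout=2.0):
    """Query each name once against `server`; return the mean round trip in ms."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    total, count = 0.0, 0
    try:
        for name in names:
            txid, query = build_query(name)
            start = time.perf_counter()
            sock.sendto(query, (server, 53))
            try:
                data, _ = sock.recvfrom(512)
            except socket.timeout:
                continue                # dropped query: not counted in the average
            elapsed = time.perf_counter() - start
            try:
                parse_response(data, txid)
            except ValueError:
                continue                # late reply to an earlier query, or junk
            total += elapsed
            count += 1
    finally:
        sock.close()
    return total / count * 1000.0 if count else float("nan")


# Constructed sample reply (not captured traffic): ID 0x1234, flags QR|RD|RA,
# one question for example.com A, one answer whose name is a pointer back to
# the question (c0 0c), TTL 300, address 192.0.2.1 from the TEST-NET range.
SAMPLE_TXID = 0x1234
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    + b"\x07example\x03com\x00\x00\x01\x00\x01"
    + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x01"
)

if __name__ == "__main__":
    # Offline self-check first, then a live run if a resolver address is given.
    print(parse_response(SAMPLE_RESPONSE, SAMPLE_TXID))
    if len(sys.argv) > 1:
        hosts = ["example.com", "example.net", "example.org"] * 10
        print("Average response time: %.2f ms" % average_latency_ms(sys.argv[1], hosts))
```

Two caveats when reading numbers from a script like this. Repeating a small set of names, as the live run above does, exercises a caching resolver's cache-hit path; only the first lookup of each name is forwarded upstream and pays the full round trip, so a sub-millisecond average says the cache is working, not that upstream got faster. And the transaction-ID check is a minimal sanity filter that drops stale or mis-addressed replies from the sample; it is not, on its own, a defence against forged answers.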

5 Comments so far

  1. David Ulevitch on April 23rd, 2008

    You can have dnsmasq act as a forwarder to OpenDNS and get the best of both worlds. Performance, security and reliability.

  2. David Ulevitch on April 23rd, 2008

    Oh wait, that’s what you did. Sorry, I misread the first line. 🙂

  3. Matt on April 23rd, 2008

    (1) Will your VM experience transfer to our server?

    (2) I’ve not tried dnsmasq, only djbdns’s dnscache. Same concept, I presume… I use it on the home firewall machine, which advertises it as the primary DNS server to our LAN.

    (3) #1 is actually more directly relevant than I thought… DNS resolution on our server still BLOWS? Like periodically the requests are measured in seconds, not milliseconds?

  4. Matt on April 23rd, 2008

    Oh, and a follow-up comment: I understand that some parts of running an ISP are hard. Peering is hard. Mailservers can be difficult. Traffic shaping can be complex.

    You can set up a 133 MHz machine with 16MB RAM and run an effective DNS server. I’m sure it will eventually become loaded, but really, you can take any off-the-shelf PC, and, in about 20 minutes time (most of it spent installing, versus your work), have a Linux machine that’s a high-performance DNS cache / server. (Windows could probably do this well, but I’m not at all familiar with caching DNS servers on Windows.) You’d never have to touch it, and it would work flawlessly. And 99.99% of the “delay” in the response would be due to network latency, not the server.

    And yet your ISP isn’t the only one that’s horribly botched DNS servers. Comcast’s are sometimes slow, and the ones our server at Burst uses are RIDICULOUSLY bad.

    We should start an ISP. Here’s a thought: any place you provision an edge router, put a low-grade 1U Linux box there, as a “tool server.” Have it run a DNS server, be an NTP server, and use it for running diagnostics. (Bandwidth charts?) Rather than having two DNS servers for your whole ISP, you have one on each network segment, probably within 10ms reach.

    Oh, and get several good carriers. And peer with people like Youtube.

  5. andrew on April 28th, 2008

    David: yeah, my first two sentences were somewhat confusing. The primary DNS on the machine running dnsmasq is indeed OpenDNS. The primary DNS for the rest of the network is the dnsmasq box.
