Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
what dns do you use for resolve.conf
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

what dns do you use for resolve.conf

I am using 1.1.1.1 1.0.0.1 cloudflare what bout you?

I am an old man please bear with me :)

Comments

  • 127.0.0.1

    Providing less than /64 means "we are clueless about IPv6". My geekbench results. I haz BuyvM, IonSwitch, OneProv, Servarica, Veesp.

  • Suspicious_oldman.jpg

    Tired of LET scams?
    A Moderated forum : https://talk.lowendspirit.com/

  • king8654king8654 Member
    edited October 2019

    Normally goggles, 8.8.8.8 or 8.8.4.4

    Tinfoil hat ensues

    Thanked by 1kkrajk
  • 1.1.1.1
    8.8.8.8

    Thanked by 1Sofia_K

    Remember the value of LET is purely based on its traffic.

  • 192.168.1.1
    localhost

    Shared: Smallweb| VPS: NexusBytes, FlowVPS, VirMach, InceptionHosting, Linode
    Gapps legacy 100/200 users cheap 4 sale. PM

  • Datacenters DNS usually plus 8.8.8.8 + 1.1.1.1 or opendns too.

  • rm_rm_ Member
    edited October 2019

    I tried 1.1.1.1 briefly, but it lowercases all PTR responses. Compare:

     Host                                   Loss%   Snt   Last   Avg  Best  Wrst StDev
     1. 10.92.127.126                        0.0%     6    0.8   0.8   0.7   0.9   0.0
     2. lag-2-435.bgw01.tmn.ertelecom.ru     0.0%     5    0.8   0.8   0.6   1.0   0.0
     3. GW-ERTelecom.retn.net                0.0%     5   30.1  30.2  29.9  30.7   0.0
     4. ae10-153.RT1.M9.MSK.RU.retn.net      0.0%     5   30.2  30.9  30.1  33.7   1.4
     5. ae0-9.RT.THV.PAR.FR.retn.net         0.0%     5   72.7  72.5  72.4  72.7   0.0
     6. 195.154.3.206                        0.0%     5   73.0  73.2  73.0  73.4   0.0
     7. 45x-s44-2-a9k2.dc3.poneytelecom.eu   0.0%     5   73.3  73.3  73.1  73.5   0.0
     8. ping.online.net                      0.0%     5   72.7  72.6  72.3  72.7   0.0
    

    and

     Host                                   Loss%   Snt   Last   Avg  Best  Wrst StDev
     1. 10.92.127.126                        0.0%     8    0.6   0.7   0.6   0.9   0.0
     2. lag-2-435.bgw01.tmn.ertelecom.ru     0.0%     7    1.4   0.8   0.6   1.4   0.0
     3. gw-ertelecom.retn.net                0.0%     7   36.0  31.2  29.9  36.0   2.2
     4. ae10-153.rt1.m9.msk.ru.retn.net      0.0%     7   32.4  30.8  30.0  32.4   0.6
     5. ae0-9.rt.thv.par.fr.retn.net         0.0%     7   72.3  72.5  72.3  72.8   0.0
     6. 195.154.3.206                        0.0%     7   73.1  73.2  72.9  74.3   0.4
     7. 45x-s44-2-a9k2.dc3.poneytelecom.eu   0.0%     7   75.8  74.6  73.2  77.2   1.6
     8. ping.online.net                      0.0%     7   72.6  72.5  72.4  72.6   0.0
    

    The latter looks like trash IMO, and for no good reason. Removed that one from all my hosts and will never use it.

    For one where the company's primary job is something else other than spying on your queries, I like NTT's public resolvers:

    nameserver 129.250.35.250
    nameserver 129.250.35.251

    But the first line in that list in most cases will be 127.0.0.1 with an instance of unbound running.

  • cat /etc/resolve.conf
    cat: can't open '/etc/resolve.conf': No such file or directory
    
    Thanked by 1Cloudcone
  • kassle said: cat: can't open '/etc/resolve.conf': No such file or directory

    We save a critical 1 byte of storage by leaving the 'e' off the end.

    For LET support, please visit the support desk.

  • WebProjectWebProject Member, Provider

    1.1.1.1 and 1.0.0.1 is better as its faster.

    VPS Price Match Guarantee on: All our range of DDOS protected XEN-HVM VPS Plans
    Are you looking for best price for self-managed VPS? See WebProVPS website for more details.
  • RemoteControlRemoteControl Member
    edited October 2019

    Cloudflare blocks 2 out of 11 VPS providers that I use by default. If you have cheapo providers they may be on some blocklists. So when I assign ip123.mydomain.tld an A record or even AAAA it can't be resolved. After some changes, cat /etc/resolv.conf
    nameserver 10.1.1.1
    nameserver 192.168.20.20
    nameserver 8.8.4.4
    nameserver 1.1.1.1
    [email protected]:~#

    First DNS is datacenter, second DNS local VM server, then Google, then CF last. I recommend putting your local ISP DNS before CF/Google.

    ;-P

  • SpryServers_TabSpryServers_Tab Member, Provider

    If your datacenter provides DNS, then you should either use that or create your own resolvers. The response time will always be faster.

    Thanked by 1Ole_Juul

    Tab Fitts | Founder/CEO - Spry Servers
    SSD Shared Hosting || VPS || Dedicated Servers || Network Status || PHX1 LG || DAL1 LG ||1-844-799-HOST (4678)

  • 127.0.0.1 is the fastest.

    Fastmako (aff) - great VPS for your needs.

  • rm_rm_ Member
    edited October 2019

    RemoteControl said: cat /etc/resolv.conf
    nameserver 10.1.1.1
    nameserver 192.168.20.20
    nameserver 8.8.4.4
    nameserver 1.1.1.1

    Keep in mind only the first three entries are ever used, no matter how many you add. True story.

           nameserver Name server IP address
                  Internet address of a  name  server  that  the  resolver  should
                  query,  either  an  IPv4  address  (in dot notation), or an IPv6
                  address in colon (and possibly dot) notation as  per  RFC  2373.
    >>            Up  to  MAXNS  (currently 3, see < resolv.h >) name servers may be
    >>            listed, one per keyword.  If there  are  multiple  servers,  the
                  resolver  library queries them in the order listed.  If no name‐
                  server entries are present, the  default  is  to  use  the  name
                  server  on  the  local machine.  (The algorithm used is to try a
                  name server, and if the query times out, try the next, until out
                  of name servers, then repeat trying all the name servers until a
                  maximum number of retries are made.)
    Thanked by 2angstrom Ole_Juul
  • rm_rm_ Member

    WebProject said: 1.1.1.1 and 1.0.0.1 is better as its faster.

    Across Google's, CF's, NTT's, or running my own, I have never ran into a situation where I'd say "gosh, this DNS is so slow! I wish it would be just a bit faster!" We're long past the point of DNS being slow (just don't use the ISP and DC ones which can be plain misconfigured and broken), so if you believe you absolutely must have CF (and their spying) to make it "fast", then you are just a brainwashed victim of their marketing, simple as that.

  • dfroedfroe Member, Provider

    IT Service David Froehlich | Individual network and hosting solutions | AS39083 | RIPE LIR services (IPv4, IPv6, ASN)

  • Also be noted that glibc try each server in sequence and try the next only after one times out while musl queries them all in parallel.

  • rm_ said: For one where the company's primary job is something else other than spying on your queries, I like NTT's public resolvers:

    Thanks for the pointer. Do they have a privacy policy?

  • dfroedfroe Member, Provider
    edited October 2019

    psb777 said: while musl queries them all in parallel

    which causes DNS traffic to triple with the intention to intentionally discard 2/3 of all responses?
    Doesn't sound like a great deal to me.

    Personally I'd prefer something "more intelligent" like BIND's forwarding algorithm which continously meassures RTT among all configured forwarders assigning faster servers a more preferred weight.
    Source: https://docstore.mik.ua/orelly/networking_2ndEd/dns/ch02_06.htm

    Thanked by 3jsg kassle Ole_Juul

    IT Service David Froehlich | Individual network and hosting solutions | AS39083 | RIPE LIR services (IPv4, IPv6, ASN)

  • @dfroe said:

    psb777 said: while musl queries them all in parallel

    which causes DNS traffic to triple with the intention to intentionally discard 2/3 of all responses?

    Correct. Justification and mitigations are on the wiki page too.

    Doesn't sound like a great deal to me.

    But IMO worse is when your first one (or two) servers are dead, and glibc gets stuck at every DNS query.

    Thanked by 1flatland_spider
  • jsgjsg Member

    Quad 9 + a couple hand selected and checked daily regional servers from halfway decent orgs.

    Plus a good local cache.

    And: glibc is sh_tty? Who woudda thought that?!!
    But: There are some widely unknown resolver parameters to somewhat tune it.

    Thanked by 1kassle

    Thanks no.

  • HackedServerHackedServer Member
    edited October 2019

    Here is what I push to all my servers.

    nameserver 129.250.35.251
    nameserver 74.82.42.42
    nameserver 64.6.65.6
    options rotate
    options timeout:1
    options attempts:3
    

    NTT, HE.net and Verisign.
    All pretty quick (anycast), support ANY, no dns hijacking, and probably not farming my personal data.

  • dnscrypt-proxy using these
    - 0ms cisco-familyshield
    - 1ms adguard-dns-family
    - 1ms cleanbrowsing-family

  • Quad9, Layer3/CenturyLink, or my own DNS servers.

  • MikeAMikeA Member, Provider

    I used to use Google DNS, then switched to CloudFlare, then CloudFlare started heavily rate limiting the OVH network so I switched back to Google. I use Q9 in some stuff.

    ExtraVM - AMD Ryzen VPS starting @ $3.50
    USA (TX, VA, FL), CA, FR, UK, SGP, AU, RU

  • cybertech said: 1.1.1.1

    8.8.8.8

    same here. My 1st one is CF, second is Google.

    Thanked by 1cybertech

    Have a great day! Recommended: Namecheap | Godaddy | Cloudflare | AWS | Google Cloud | Ramnode VPS | BuyVM | OVH | Hetzner

  • JordJord Moderator, Provider

    69.69.69.69 if all else fails 666.666.666.666

    BillingServ - Easy, simple, and hassle-free online invoicing solution. Contact us today.
    BaseServ Certified to ISO/IEC 27001:2013

  • 8.8.4.4 and 1.1.1.1, first Google and then CF.

  • @HackedServer said:
    Here is what I push to all my servers.

    nameserver 129.250.35.251
    nameserver 74.82.42.42
    nameserver 64.6.65.6
    options rotate
    options timeout:1
    options attempts:3
    

    I had forgotten about options rotate: that's a good tip :smile:

    "Linux will run happily with only 4 MB of RAM, including all of the bells and whistles such as the X Window System, Emacs, and so on." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 32)

  • dns.google

  • hide1hidehide1hide Member
    edited October 2019
    nameserver 1.1.1.1
    nameserver 8.8.8.8
    nameserver 9.9.9.9
    nameserver 64.6.65.6
    nameserver 199.85.126.20
    nameserver 8.26.56.26
    nameserver 74.82.42.42
    

    The night is darkest just before the dawn.
    ~Harvey Dent

  • @hide1hide said:
    nameserver 1.1.1.1
    nameserver 8.8.8.8
    nameserver 9.9.9.9
    nameserver 64.6.65.6
    nameserver 199.85.126.20
    nameserver 8.26.56.26
    nameserver 74.82.42.42

    You realize that only the first three will be considered and that the last four are superfluous, right?

    Thanked by 1Ole_Juul

    "Linux will run happily with only 4 MB of RAM, including all of the bells and whistles such as the X Window System, Emacs, and so on." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 32)

  • I prefer to use OpenDNS 208.67.222.222 and 208.67.220.220

  • loydloyd Member
    edited October 2019

    CloudFlare 1.1.1.1 on the WAN router and WAN router on all intranet nodes

    If possible, I stay away from anything Google, they have trouble following specs, make their own rules and lot of their software has bugs that have lingered for years, common excuse is you did not pay for it so suck it up. Used to have 8.8.8.8 and 8.8.4.4 on all PCs and raspberies, but run into some weird hair pulling glitch which disappeared when switching to CF or OpenDNS. Ironically, some ISPs use Google DNS as their upstream authority so keep that in mind when using straight DHCP on the main router.

    75 20 6e 65 65 64 20 74 6f 20 67 65 74 20 6f 75 74 20 6d 6f 72 65

  • NekkiNekki Moderator

    Some local resolvers that don’t log from OpenNic, otherwise 9.9.9.9.

    Here lies Nekki. He loved massive amounts of storage, K-Pop and calling people cunts.

  • FHRFHR Member, Provider

    We run our own caching forwarders for customer VMs. Forwarding queries to 9.9.9.10 and 2620:fe::10 (Quad 9), 4.2.2.2 (Level 3) and 74.82.42.42 (HE).

    You won't find any Cloudflare there :wink:

    Thanked by 1uptime

    SkylonHost - affordable hourly-billed KVM VPS in Prague, CZ!
    Featuring own high performance network AS202297 | RIPE NCC member | Contact us for IPs/ASNs

  • I don't use dns, it's centralized.
    I just enter random IP numbers and if it hits, it hits.

    Thanked by 4ITLabs uptime grep mrTom

    You are dreaming. | And it's a nightmare. | THE SECRET THREAD | THE TRUTH | HAVES YOU SEEN THIS YURA?
    „Homo homini rattus.“ | It's not nightmare, it's reality, but it's still nightmare.

  • Just Google's DNS most of the time, on most of my servers.

  • my own

    Thanked by 3Ole_Juul uptime ras07

    Senior Level 30 Microsoft Certified Technician

  • FHR said: 4.2.2.2 (Level 3)

    The Level 3 resolvers will redirect to a search engine instead of returning NXDOMAIN for non existent domains. Can make it hard to identify domain typos or validate domains exist or other unexpected things for your customers. Food for thought.

    ~$ dig fakefakieafdsfa.com @4.2.2.2 +short
    23.217.138.108
    23.202.231.167
    ~$ dig fakefakieafdsfa.com @9.9.9.10 +short
    ~$
    
    Thanked by 3uptime hanoi rm_
  • HackedServer said: The Level 3 resolvers will redirect to a search engine instead of returning NXDOMAIN for non existent domains.

    Many DNS servers can filter those bogus IP addresses, for example, dnsmasq has the --bogus-nxdomain option.

  • Related, a recent StackExchange discussion on the Cloudflare DNS.

    https://webapps.stackexchange.com/questions/135222/why-does-1-1-1-1-not-resolve-archive-is/135223

    Thanked by 1uptime
  • 1.0.0.1 or 8.8.8.8 8.8.4.4 works fine for most areas...

  • DNS caching with Pihole on local network, so 192.168.x.xx and using cloudflare on pihole.

    Don't be so serious. It's just a forum. No one cares what you think anyway.

  • manlivomanlivo Member without signature

    8.8.8.8

Sign In or Register to comment.