Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


what dns do you use for resolve.conf
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

what dns do you use for resolve.conf

I am using 1.1.1.1 1.0.0.1 cloudflare what bout you?

«1

Comments

  • 127.0.0.1

  • Suspicious_oldman.jpg

  • king8654king8654 Member
    edited October 2019

    Normally goggles, 8.8.8.8 or 8.8.4.4

    Tinfoil hat ensues

    Thanked by 1kkrajk
  • 1.1.1.1
    8.8.8.8

    Thanked by 1Sofia_K
  • 192.168.1.1
    localhost

  • Datacenters DNS usually plus 8.8.8.8 + 1.1.1.1 or opendns too.

  • rm_rm_ IPv6 Advocate, Veteran
    edited October 2019

    I tried 1.1.1.1 briefly, but it lowercases all PTR responses. Compare:

     Host                                   Loss%   Snt   Last   Avg  Best  Wrst StDev
     1. 10.92.127.126                        0.0%     6    0.8   0.8   0.7   0.9   0.0
     2. lag-2-435.bgw01.tmn.ertelecom.ru     0.0%     5    0.8   0.8   0.6   1.0   0.0
     3. GW-ERTelecom.retn.net                0.0%     5   30.1  30.2  29.9  30.7   0.0
     4. ae10-153.RT1.M9.MSK.RU.retn.net      0.0%     5   30.2  30.9  30.1  33.7   1.4
     5. ae0-9.RT.THV.PAR.FR.retn.net         0.0%     5   72.7  72.5  72.4  72.7   0.0
     6. 195.154.3.206                        0.0%     5   73.0  73.2  73.0  73.4   0.0
     7. 45x-s44-2-a9k2.dc3.poneytelecom.eu   0.0%     5   73.3  73.3  73.1  73.5   0.0
     8. ping.online.net                      0.0%     5   72.7  72.6  72.3  72.7   0.0
    

    and

     Host                                   Loss%   Snt   Last   Avg  Best  Wrst StDev
     1. 10.92.127.126                        0.0%     8    0.6   0.7   0.6   0.9   0.0
     2. lag-2-435.bgw01.tmn.ertelecom.ru     0.0%     7    1.4   0.8   0.6   1.4   0.0
     3. gw-ertelecom.retn.net                0.0%     7   36.0  31.2  29.9  36.0   2.2
     4. ae10-153.rt1.m9.msk.ru.retn.net      0.0%     7   32.4  30.8  30.0  32.4   0.6
     5. ae0-9.rt.thv.par.fr.retn.net         0.0%     7   72.3  72.5  72.3  72.8   0.0
     6. 195.154.3.206                        0.0%     7   73.1  73.2  72.9  74.3   0.4
     7. 45x-s44-2-a9k2.dc3.poneytelecom.eu   0.0%     7   75.8  74.6  73.2  77.2   1.6
     8. ping.online.net                      0.0%     7   72.6  72.5  72.4  72.6   0.0
    

    The latter looks like trash IMO, and for no good reason. Removed that one from all my hosts and will never use it.

    For one where the company's primary job is something else other than spying on your queries, I like NTT's public resolvers:

    nameserver 129.250.35.250
    nameserver 129.250.35.251

    But the first line in that list in most cases will be 127.0.0.1 with an instance of unbound running.

  • cat /etc/resolve.conf
    cat: can't open '/etc/resolve.conf': No such file or directory
    
    Thanked by 1Cloudcone
  • raindog308raindog308 Administrator, Veteran

    kassle said: cat: can't open '/etc/resolve.conf': No such file or directory

    We save a critical 1 byte of storage by leaving the 'e' off the end.

  • WebProjectWebProject Host Rep, Veteran

    1.1.1.1 and 1.0.0.1 is better as its faster.

  • RemoteControlRemoteControl Member
    edited October 2019

    Cloudflare blocks 2 out of 11 VPS providers that I use by default. If you have cheapo providers they may be on some blocklists. So when I assign ip123.mydomain.tld an A record or even AAAA it can't be resolved. After some changes, cat /etc/resolv.conf
    nameserver 10.1.1.1
    nameserver 192.168.20.20
    nameserver 8.8.4.4
    nameserver 1.1.1.1
    root@lowcalhost:~#

    First DNS is datacenter, second DNS local VM server, then Google, then CF last. I recommend putting your local ISP DNS before CF/Google.

  • SpryServers_TabSpryServers_Tab Member, Host Rep

    If your datacenter provides DNS, then you should either use that or create your own resolvers. The response time will always be faster.

    Thanked by 1Ole_Juul
  • 127.0.0.1 is the fastest.

  • rm_rm_ IPv6 Advocate, Veteran
    edited October 2019

    RemoteControl said: cat /etc/resolv.conf
    nameserver 10.1.1.1
    nameserver 192.168.20.20
    nameserver 8.8.4.4
    nameserver 1.1.1.1

    Keep in mind only the first three entries are ever used, no matter how many you add. True story.

           nameserver Name server IP address
                  Internet address of a  name  server  that  the  resolver  should
                  query,  either  an  IPv4  address  (in dot notation), or an IPv6
                  address in colon (and possibly dot) notation as  per  RFC  2373.
    >>            Up  to  MAXNS  (currently 3, see < resolv.h >) name servers may be
    >>            listed, one per keyword.  If there  are  multiple  servers,  the
                  resolver  library queries them in the order listed.  If no name‐
                  server entries are present, the  default  is  to  use  the  name
                  server  on  the  local machine.  (The algorithm used is to try a
                  name server, and if the query times out, try the next, until out
                  of name servers, then repeat trying all the name servers until a
                  maximum number of retries are made.)
    Thanked by 2angstrom Ole_Juul
  • rm_rm_ IPv6 Advocate, Veteran

    WebProject said: 1.1.1.1 and 1.0.0.1 is better as its faster.

    Across Google's, CF's, NTT's, or running my own, I have never ran into a situation where I'd say "gosh, this DNS is so slow! I wish it would be just a bit faster!" We're long past the point of DNS being slow (just don't use the ISP and DC ones which can be plain misconfigured and broken), so if you believe you absolutely must have CF (and their spying) to make it "fast", then you are just a brainwashed victim of their marketing, simple as that.

  • dfroedfroe Member, Host Rep
  • Also be noted that glibc try each server in sequence and try the next only after one times out while musl queries them all in parallel.

  • rm_ said: For one where the company's primary job is something else other than spying on your queries, I like NTT's public resolvers:

    Thanks for the pointer. Do they have a privacy policy?

  • dfroedfroe Member, Host Rep
    edited October 2019

    psb777 said: while musl queries them all in parallel

    which causes DNS traffic to triple with the intention to intentionally discard 2/3 of all responses?
    Doesn't sound like a great deal to me.

    Personally I'd prefer something "more intelligent" like BIND's forwarding algorithm which continously meassures RTT among all configured forwarders assigning faster servers a more preferred weight.
    Source: https://docstore.mik.ua/orelly/networking_2ndEd/dns/ch02_06.htm

    Thanked by 3jsg kassle Ole_Juul
  • @dfroe said:

    psb777 said: while musl queries them all in parallel

    which causes DNS traffic to triple with the intention to intentionally discard 2/3 of all responses?

    Correct. Justification and mitigations are on the wiki page too.

    Doesn't sound like a great deal to me.

    But IMO worse is when your first one (or two) servers are dead, and glibc gets stuck at every DNS query.

    Thanked by 1flatland_spider
  • jsgjsg Member, Resident Benchmarker

    Quad 9 + a couple hand selected and checked daily regional servers from halfway decent orgs.

    Plus a good local cache.

    And: glibc is sh_tty? Who woudda thought that?!!
    But: There are some widely unknown resolver parameters to somewhat tune it.

    Thanked by 1kassle
  • HackedServerHackedServer Member
    edited October 2019

    Here is what I push to all my servers.

    nameserver 129.250.35.251
    nameserver 74.82.42.42
    nameserver 64.6.65.6
    options rotate
    options timeout:1
    options attempts:3
    

    NTT, HE.net and Verisign.
    All pretty quick (anycast), support ANY, no dns hijacking, and probably not farming my personal data.

  • dnscrypt-proxy using these
    - 0ms cisco-familyshield
    - 1ms adguard-dns-family
    - 1ms cleanbrowsing-family

  • Quad9, Layer3/CenturyLink, or my own DNS servers.

  • MikeAMikeA Member, Patron Provider

    I used to use Google DNS, then switched to CloudFlare, then CloudFlare started heavily rate limiting the OVH network so I switched back to Google. I use Q9 in some stuff.

  • cybertech said: 1.1.1.1

    8.8.8.8

    same here. My 1st one is CF, second is Google.

    Thanked by 1cybertech
  • JordJord Moderator, Host Rep

    69.69.69.69 if all else fails 666.666.666.666

  • 8.8.4.4 and 1.1.1.1, first Google and then CF.

  • @HackedServer said:
    Here is what I push to all my servers.

    nameserver 129.250.35.251
    nameserver 74.82.42.42
    nameserver 64.6.65.6
    options rotate
    options timeout:1
    options attempts:3
    

    I had forgotten about options rotate: that's a good tip :smile:

  • dns.google

Sign In or Register to comment.