mixture
11th May 2012, 09:13
With the Olympics looming, just thought I'd post a little something about why using public DNS services such as Google or OpenDNS is a double-edged sword.
The potential benefits of such services have been written about time and time again on PPRuNe, i.e. the general good uptime of such services and the potential to benefit from phishing and malware filtering.
The downside you may not realise is that when you access resources hosted on CDNs (Content Distribution Networks), you will benefit from greater access speeds if you use your ISP's DNS servers instead of a public DNS service. This doesn't only apply to streaming videos either; it applies to file downloads (such as software updates and images) from websites that are hosted on CDNs too.
For those not in the know, CDNs are globally distributed server clusters, the intention being to deliver content from the closest point to the user. They work their magic by identifying the closest content cluster to the user from the DNS lookup.
Here's an example from a typical ADSL line.
Let's ask Google where some of the BBC's CDN content is …
> dig @8.8.8.8 static.bbci.co.uk
a1638.g.akamai.net. 6 IN A 80.239.148.163
Let's ask OpenDNS where it is …
> dig @208.67.222.222 static.bbci.co.uk
a1638.g.akamai.net. 4 IN A 77.67.21.66
Let's ask our ISP where it is …
> dig static.bbci.co.uk
a1638.g.akamai.net. 20 IN A 92.123.154.35
Ok, so we've got three sets of numbers back, big deal you may say.
Let's see where they take us.
First Google :
> traceroute 80.239.148.163
6 ldn-b5-link.telia.net (80.239.193.109) 32.144 ms 34.820 ms 34.022 ms
7 ldn-bb1-link.telia.net (80.91.246.144) 30.951 ms
ldn-bb1-link.telia.net (80.91.248.217) 31.914 ms
ldn-bb1-link.telia.net (80.91.246.144) 35.533 ms
8 adm-bb1-link.telia.net (80.91.250.84) 41.530 ms
adm-bb1-link.telia.net (80.91.253.191) 39.120 ms 43.912 ms
9 adm-b5-link.telia.net (80.91.246.101) 39.933 ms
adm-b5-link.telia.net (213.155.134.43) 39.445 ms 39.625 ms
10 80-239-148-163.customer.teliacarrier.com (80.239.148.163) 42.023 ms 40.776 ms 43.261 ms
So, Google takes us 10 hops and we end up in Amsterdam.
Now OpenDNS :
7 ae-52-52.csw2.london1.level3.net (4.69.139.120) 41.030 ms 34.391 ms 44.111 ms
8 ae-59-224.ebr2.london1.level3.net (4.69.153.141) 31.944 ms 34.414 ms
ae-57-222.ebr2.london1.level3.net (4.69.153.133) 47.822 ms
9 ae-48-48.ebr2.amsterdam1.level3.net (4.69.143.81) 40.525 ms
ae-47-47.ebr2.amsterdam1.level3.net (4.69.143.77) 40.668 ms
ae-48-48.ebr2.amsterdam1.level3.net (4.69.143.81) 46.255 ms
10 ae-59-224.csw2.amsterdam1.level3.net (4.69.153.214) 58.317 ms 46.066 ms 39.261 ms
11 ae-2-52.edge3.amsterdam1.level3.net (4.69.139.169) 40.143 ms 43.027 ms 39.972 ms
12 intelq-tinet (4.68.110.86) 38.340 ms
isc-level3-ge.sanjose1.level3.net (4.68.110.142) 42.681 ms 43.250 ms
13 xe-1-3-1.lon10.ip4.tinet.net (89.149.185.230) 40.338 ms
xe-9-3-0.lon10.ip4.tinet.net (89.149.183.174) 41.701 ms
xe-9-1-1.lon10.ip4.tinet.net (89.149.183.61) 42.593 ms
14 77.67.21.66 (77.67.21.66) 38.823 ms 42.349 ms 39.791 ms
OpenDNS takes us 14 hops and we take a great circle route to London via San Jose and Amsterdam !
Now the ISP :
6 xe-0-3-0.cr1.lhr1.uk.nlayer.net (195.66.224.37) 38.302 ms 40.140 ms 35.666 ms
7 as20940.xe-4-0-5.ar1.lhr1.uk.nlayer.net (69.22.139.38) 30.580 ms 77.906 ms 30.742 ms
8 a92-123-154-35.deploy.akamaitechnologies.com (92.123.154.35) 35.987 ms 34.449 ms 34.091 ms
Only 8 hops, remaining up in London throughout, and the lowest latency route of all three.
So, the moral of the story is that unless you have a good reason to do otherwise, you should seriously consider only using your ISP's DNS servers, and make sure you check the settings once in a while in case the ISP has changed the server IPs.
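The comparison in the post, as a script. This is an added example and not part of mixture's post: `trace_summary` reduces traceroute output to the hop count and the mean RTT of the final hop, and `compare_resolvers` resolves a host through each resolver with `dig` and traces the address it returns. Both function names are hypothetical; the script assumes `dig`, `traceroute` and `awk` are installed, and `default` stands for the system (ISP) resolver.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not from the post.

# Read traceroute output on stdin; print "<last hop> <mean RTT of that hop, ms>".
trace_summary() {
    LC_ALL=C awk '
        # A leading hop number starts a new hop. Continuation lines (other
        # routers answering for the same hop) carry no number and add to it.
        /^ *[0-9]+ / { hop = $1; sum = 0; n = 0 }
        {
            for (i = 2; i <= NF; i++)
                if ($i == "ms") { sum += $(i - 1); n++ }
        }
        # Prints nothing if the final hop never answered ("* * *").
        END { if (n) printf "%d %.3f\n", hop, sum / n }
    '
}

# Usage: compare_resolvers static.bbci.co.uk 8.8.8.8 208.67.222.222 default
# Prints one line per resolver: resolver, CDN address returned, hops, mean RTT.
compare_resolvers() {
    host=$1; shift
    for r in "$@"; do
        if [ "$r" = default ]; then server=""; else server="@$r"; fi
        # +short lists the CNAME chain and then the addresses; keep the
        # last IPv4 address. $server is unquoted so an empty value vanishes.
        ip=$(dig +short $server "$host" A | grep -E '^[0-9.]+$' | tail -n 1)
        if [ -z "$ip" ]; then echo "$r: no A record returned"; continue; fi
        echo "$r $ip $(traceroute -n "$ip" 2>/dev/null | trace_summary)"
    done
}

# Offline check using the last hop of the ISP trace quoted in the post.
printf '%s\n' \
  '8 a92-123-154-35.deploy.akamaitechnologies.com (92.123.154.35) 35.987 ms 34.449 ms 34.091 ms' \
  | trace_summary
```

Run `compare_resolvers` a few times at different times of day before drawing conclusions: the CDN's records have short TTLs (4 to 20 seconds in the answers above), so the mapping can change between runs.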