PowerDNS currently hard-codes the RD (recursion desired) bit to 0 when it sends DNS packets to nameservers configured in its forward-zones/forward-zones-file configuration parameter. This makes it impossible for one to configure an open recursive nameserver such as GPD as a forwarder. There is a ticket open in PowerDNS about it and Bert has mentioned on the mailing list that he is close to making the changes to provide the required functionality. Maybe this feature might come in a future PoweDNS recursor release
Most of the comments which I’m reading about Google Public DNS (GPD) performance centers around round trip latency from an end-users location to GPD’s resolvers vis-a-vis their network location and comparing the round trip time to their local ISP DNS cache. Ping time is only one part of the time taken for DNS resolution, one needs to factor in DNS resolution time also which can be affected by cache locality and sizing as well as how connected the requested authorative nameserver for the query is relative to the DNS resolver. IMHO, an effective way for setting up an office DNS cache is to setup a local caching nameserver such as Dan Bernstein’s dnscache and use GPD as an upstream forwarder.
Thus domains which are repeatedly asked are answered from your local dnscache and the long tail of domains can be answered by GPD which may have its in its cache because what may be infrequent for your organisation is frequent for someone else who is using GPD thus giving you the best of both worlds. Fast local caching, and a fast recursive resolver when you have no locally cached results.
I’m assuming that in the coming weeks, Google will reach out to a number of organisations who use anycast DNS such as Content Delivery Network operators (Akamai, Limelight, CDNetworks etc) and authorative DNS servers operators (Dynect,UltraDNS,DNSMadeEasy etc) and work out better network routing amongst them.
These instructions assume that you have setup dnscache as an external forwarding cache for your organisation.
Then run the following commands (asssumes that you have installed dnscache as per DJB’s setup. Ubuntu/Debian users may have to adjust paths if they use packages from these distributions
echo 1 > /service/dnscache/env/FORWARDONLY echo '18.104.22.168 22.214.171.124' > /service/dnscache/root/servers/@ svc -t /service/dnscache
There has been a lot of buzz regarding Google Public DNS herafter called GPD. Google’s instructions are designed for end users modifying their own computers. I think GPD can be very useful if used in conjunction with a forwarding cache on a router. This is the mechanism I used on my Linksys WRT54GL running DD-WRT
v24 to combine using DNSMasq and use GPD’s provided IP addresses 126.96.36.199 and 188.8.131.52 as the upstream DNS.
I assume that you have enabled SSH access to the router so you can login via SSH and take backups of the old values of the upstream DNS
- SSH into your router and run
cat /tmp/resolv.dnsmasq. Save the IP addresses listed somewhere in case you want to revert back
- Go to the Commands tab under Administration.
- In the Commands box paste the following:
- Click Save Firewall (note: your WAN interface will be restarted)
echo "nameserver 184.108.40.206 nameserver 220.127.116.11" > /tmp/resolv.dnsmasq sleep 1 killall -HUP dnsmasq
Now, you can take advantage of the DNS caching on your router and misses on the routers DNS cache are sent to GPD for resolution. Note that websites which use CDN will now determine the closest node based on where the anycasted GPD addresses 18.104.22.168 and 22.214.171.124 resolve to relative to your network.
In a future post, I’ll write about how GPD can be integrated as an upstream forwarder using dnscache and why PowerDNS recursor doesn’t support using an open resolver as an upstream forwarder at present