Implementing a caching-only DNS on openSUSE

Lately I've been noticing significant DNS latency when visiting certain sites. This is most obvious when my browser spends ages with "Looking up some.web.server.com..." in its status bar. It's particularly bad at sites like wordpress.com where many pages make reference to sub-domains of wordpress.com and typically also to google.com for analytics or ads.

While my ISP's DNS infrastructure is pretty good, there are a couple of things I can do to improve DNS look-up, which makes page loads a lot quicker.

There are two things which can significantly speed up DNS look-ups for your local clients:

  • Switch to a faster name service
  • Cache your look-ups on your machine, to prevent repeat DNS requests for sites you often visit

Of course, a combination works well too.

So, what name service do you use? I know of two free/open services that are pretty good and promising to get better:

  • OpenDNS: This is a globally distributed service that's fairly quick and is free to use. It also offers a simple (and easily bypassed) content filtering service by blocking known domain names
  • Google Public DNS: This is a recent service offered by Google as an experiment in DNS technologies. Again it's globally distributed (using anycast, so the same IP routes to the Google data centre closest to you). No filtering is provided

Both are great services. Performance varies depending on where in the world you are.  Since I'm in Australia, Google beats OpenDNS, but I'm going to use both of these and my ISP since it's still fairly good too.

Hack 0: install and configure BIND

In openSUSE, you can install bind like this (as root):

# zypper install bind

Although the program is called BIND, the service itself is called named (name daemon). It's configured with the file /etc/named.conf. Edit this (as root) and, inside the options { } block, add a list of up to three forwarding DNS name servers. I'm going with Google as primary, then OpenDNS, then my router (which forwards to my ISP):

forwarders { 8.8.4.4; 208.67.222.222; 16.1.1.1; };

Next, you need to tell openSUSE to start the DNS server at boot time. It makes sense to have it running whenever there are network services. In openSUSE, this means at runlevels 3 and 5. I use YaST because it's so simple:

# yast2 runlevel

Finally, start the server. Either do it from YaST, or from the command line:

# service named start

Hack 1: local resolver

This is simple: add the nameserver addresses to your /etc/resolv.conf, like so:

nameserver 127.0.0.1      # Localhost bind
nameserver 8.8.4.4        # Google
nameserver 208.67.222.222 # OpenDNS
nameserver 16.1.1.1       # My router (forwards requests to my ISP)

There are alternate addresses for each of Google and OpenDNS; I've chosen one each above. The other addresses are 8.8.8.8 for Google, and 208.67.220.220 for OpenDNS. OpenDNS also offers "family shield" on .123 but your teenager (or maybe your six-year-old?) can bypass that pretty easily. Note that the glibc resolver reads at most three nameserver lines (MAXNS in resolv.h), so a fourth entry in resolv.conf is not used.

Other computers

Now, any time your browser makes a DNS look-up, the resolv.conf tells it to try your local DNS server first, which in turn forwards to Google, OpenDNS and the router, and caches the results for next time.

If you want other machines in your house to use this name server, just configure them. If you point their primary DNS server at your openSUSE box's address, they will use the same named you just configured.
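
A fuller options block for this setup, as an added example that is not from the original post: it places the forwarders line from Hack 0 inside options { } and limits queries and recursion to this machine and the home LAN, so named does not answer as an open resolver once other computers are pointed at it. The subnet 192.168.1.0/24 and the address 192.168.1.10 are assumptions; substitute your own.

```conf
# Constructed example for /etc/named.conf.
# Merge these statements into the options block already present in the file
# and keep its existing "directory" line.

acl "home_lan" {
    127.0.0.1;
    192.168.1.0/24;          # assumption: your LAN subnet
};

options {
    # Upstream resolvers from Hack 0: Google, OpenDNS, then the router.
    forwarders { 8.8.4.4; 208.67.222.222; 16.1.1.1; };

    # "first" (the default) falls back to normal recursion if no forwarder
    # answers; "only" would make named depend entirely on the forwarders.
    forward first;

    # Caching resolver: recursion is needed, but only for known clients.
    recursion yes;
    allow-query       { home_lan; };
    allow-recursion   { home_lan; };
    allow-query-cache { home_lan; };

    # Bind to loopback and the LAN interface only, not every address.
    listen-on    { 127.0.0.1; 192.168.1.10; };   # assumption: this box's LAN IP
    listen-on-v6 { none; };

    # A caching-only server hosts no zones worth transferring.
    allow-transfer { none; };
};
```

Running named-checkconf (shipped with BIND) after editing reports syntax errors before the service is restarted.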