We expect DNS responses to be correct and returned in a reasonable amount of time. Learn how to make sure that happens.
Mentioning that DNS name servers can have performance and timing issues usually results in quizzical looks. DNS resolution either works or it doesn't.
What about subtle problems, like long response times, timeouts, and corrupt caches? Query responses can still get through; they just take a lot longer. In that case, having gobs of bandwidth doesn't mean anything.
Another assumption: We must use specific DNS name servers, like those provided by our ISPs. That's typically not the case. Think there might be a problem? Try a different DNS name server. Okay, great. Which one?
DNS benchmarking tools
This is where DNS benchmarking tools — client-side applications that test the performance of DNS name servers — come into play. They have the ability to:
- Determine whether a particular DNS name server is available.
- Compare the response times of selected DNS name servers against publicly available DNS name servers.
- Create a chart, ranking DNS name servers according to their response times, number of timeouts, and other related parameters.
Namebench is a Google project designed to find the most responsive DNS name server for the host computer. Strange as it sounds, that means two computers sitting next to each other could have different results. Namebench does that on purpose:
"Namebench runs a fair and thorough benchmark using your web browser history, tcpdump output, or standardized datasets in order to provide an individualized recommendation."
The following slide shows the test setup window that opens when Namebench is activated:
The first section asks what DNS name servers should be included:
- Name servers: List of DNS name servers that are of specific interest.
- Include global DNS providers: Check this box to include OpenDNS and Neustar (formerly UltraDNS) name servers.
- Include best available regional DNS services: Select this to include the best-performing DNS name servers in your area.
The next section asks what tests to run and how to set up the queries:
- Include Censorship Checks: Check that censored domain names are blocked.
- Query Data Source: Determines where Namebench gets the test host names. Typically it is the browser history, but there are other options, such as the "Top 2000 web sites".
- Health Check Performance: Choose to test either 10 or 40 servers at a time, depending on available bandwidth.
- Number of queries: Select the number of queries that are sent to each DNS name server. Default is 250 requests.
The results show up as a web page similar to the one below:
I use OpenDNS. Namebench determined my secondary OpenDNS name server (184.108.40.206) had the best response time. That's interesting, because OpenDNS's choice for primary server is in sixth place. I guess I will have to swap the two in the network adapter's configuration.
The next benchmarking tool comes from Steve Gibson of GRC.com. I am always amazed at his software. Namebench by Google is slightly over 5 MB and DNS Benchmark is only 164 KB. I guess that is what happens when the program is written in assembly language.
By default, DNS Benchmark tests up to 200 publicly available DNS name servers, plus the ones currently in use by the computer. That list can be made smaller or changed to DNS name servers of your choice. The following slide shows the results from testing my computer:
In this case, DNS Benchmark locates the fastest name servers first. The following are the tests that DNS Benchmark runs:
- Cached lookups (Red bar): The response time for returning cached lookups from the DNS name server.
- Un-cached lookups (Green bar): The response time for returning a new lookup or one with an expired Time to Live.
- Dotcom lookups (Blue bar): The response time for returning a query from a "Dot Com" DNS name server.
- Reliability (Red bar by IP address): The number of lost or dropped queries during the test.
- Rebinding protection: Whether the DNS name server prevents resolution of external names into internal IP addresses (Wiki entry).
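To make the cached, un-cached and reliability measurements above concrete, here is a small Python benchmark written for this page (not code from Namebench or DNS Benchmark): it sends each query name twice to every resolver over UDP port 53, treats the first answer as the un-cached lookup and the second as the cached one, counts lost queries as the reliability figure, and ranks the servers. It assumes the resolvers are reachable on UDP 53 and a 2-second timeout; the dotcom and rebinding checks are not implemented.

```python
import random, socket, statistics, struct, time

def build_query(name, qid):
    # Standard query, recursion desired, one question for an A record in class IN
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def response_rcode(data, qid):
    # RCODE of a reply whose transaction id matches qid and has the QR bit set, else None
    rid, flags = struct.unpack("!HH", data[:4]) if len(data) >= 12 else (None, 0)
    return flags & 0x000F if rid == qid and flags & 0x8000 else None

def time_query(server, name, timeout=2.0):
    # One UDP query to server:53; round-trip time in ms, or None on timeout/bad reply
    qid = random.randrange(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        sock.sendto(build_query(name, qid), (server, 53))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return None
        elapsed = (time.perf_counter() - start) * 1000
    return elapsed if response_rcode(data, qid) is not None else None

def summarize(uncached, cached, lost):
    # Median RTTs (ms) plus the lost-query count, the "reliability" figure from the text
    med = lambda xs: round(statistics.median(xs), 1) if xs else None
    return {"uncached_ms": med(uncached), "cached_ms": med(cached), "lost": lost}

def benchmark(servers, names, repeats=2):
    # First pass per name is the un-cached lookup; later passes should hit the server's cache
    results = {}
    for srv in servers:
        uncached, cached, lost = [], [], 0
        for name in names:
            for i in range(repeats):
                rtt = time_query(srv, name)
                if rtt is None:
                    lost += 1
                else:
                    (uncached if i == 0 else cached).append(rtt)
        results[srv] = summarize(uncached, cached, lost)
    return results

def rank(results):
    # Fastest cached median first, ties broken by fewest lost queries; servers that never answered last
    key = lambda s: (results[s]["cached_ms"] is None, results[s]["cached_ms"] or 0, results[s]["lost"])
    return sorted(results, key=key)
```

Run it as `rank(benchmark(["<resolver IP>"], ["example.com"]))` with a quiet network, as the author recommends later; a resolver whose un-cached median is far above its cached median is doing most of its work by asking other servers.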
One thing special about DNS Benchmark is the conclusion tab. After testing is completed, the application analyzes the results and provides conclusions and possible fixes. The following slide is an example:
Remember my mentioning I needed to change the sequence of my OpenDNS servers? Well, DNS Benchmark, in somewhat of an obtuse way, also suggests the sequence should be changed.
Some things I learned
I ran some tests at home using my DNS name server. I could not understand why my server's response times were so much longer than OpenDNS's response times. It should be the opposite.
Then I started DNS Benchmark. It was strange. My DNS name server registered unusually long un-cached lookup response times. It dawned on me what was happening. Only two people use my DNS name server. So the cache is relatively small compared to OpenDNS's cache. Meaning, more often than not, my name server must query other name servers.
I learned something else. To get valid test results, shut down all applications except the DNS benchmarking tool on the host computer. That applies to other computers on the network as well. It's referred to as having a "quiet network" for the test.
I barely scratched the surface of what information and analysis the two applications provide. To be honest, I am still learning what they can do and how to use them when troubleshooting.
I also thought I would end up having a favorite, but I didn't. Each has its place in my tool box. Give them a try and let me know what you think.
Update: December 06, 2010
Yesterday, Comcast users in the Midwest lost their Internet service. Comcast is saying the outage stemmed from a problem with their DNS name servers. Not having access, most users did not know that. Using DNS benchmarking tools would have shown the problem with Comcast's DNS name servers. Switching to a working DNS name server would have returned normal Internet operation.