[afnog] Decreasing Access Time to Root Servers DNS by Running One on Loopback
Nishal Goburdhan
nishal at controlfreak.co.za
Mon Dec 14 10:44:36 UTC 2015

On 14 Dec 2015, at 11:53, Mathias HOUNGBO wrote:

> I use a similar method on my laptop for a while; but I know it is not
> a 'nice solution'.
> But when you have some ISPs who don't maintain their DNS resolvers,
> you did not have much choice: use public DNS resolver or slave root DNS.

or, just simply run a (local to your laptop) recursive server. you
don’t *need* to slave the root to run a recursive server on your
laptop. and, arguably, if someone has problems running a simple
recursive DNS server, which, just needs to be locked down to your own
address space, the techniques in the earlier mentioned RFC are going to
be a lot more unnecessary, and complicated, work for them.

i have my own misgivings on the efficacy of public dns resolvers.
they’re useful to ping to test your connectivity, but that’s about
it for me ;-)

the thing with your ISP’s dns caches (assuming they work) is that in
the long run, they’re likely to give you the best overall performance.
so, if your domestic ISP’s dns caches don’t work, then, while
it’s easy for geeks to do what you suggest above (run your own local
cache), it’s actually to the benefit of everyone in your local
community, to try to get your ISP to fix their stuff, since you’re
more likely to benefit more from the larger cache size they’d maintain
vs. your own local cache. play with namebench [1] when you have some
time.

> For example, in Bénin, we have copy of a root server on the Internet
> exchange point (benin-ix.org.bj), but I believe there is only one ISP
> that uses it!

i would *guess* that, at least two ISPs should be seeing this [2]. but,
of course, the others should too!

considering that the ISPs don’t have to make any DNS changes to take
advantage of this but simply peer, can you think of why they would be
unwilling to? i know, in some cases, it means sitting down with the
peering person at the relevant ISP, and explaining what benefit a
domestic anycast node brings; perhaps this is the issue?

not sure if the list allows attachments, but here’s (part of) the ripe
atlas graph showing the latency improvement from one atlas probe in
benin, when this went live. you’d almost think that the other ISPs
would *want* to do this asap ;-)

do you (or others) have friends/peers/colleagues/business partners/etc.
at 37424, 37136, or 37292? can you peer-pressure them to fix this?

—n.

[1] https://code.google.com/p/namebench/
[2] https://prefix.pch.net/applications/lg/?query=summary&args=&router=route-collector.coo.pch.net%3Acisco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: atlas-probe-isocel-benin.tiff
Type: image/tiff
Size: 189250 bytes
Desc: not available
URL: <http://www.afnog.org/pipermail/afnog/attachments/20151214/aef3b0a5/attachment-0001.tiff>