[ILUG] Good DNS in Ireland

Jeroen Massar jeroen at unfix.org
Sat Dec 23 17:20:04 GMT 2006 

Justin Mason wrote:
[..]
> Nah, consumer broadband DNS servers are pretty crappy nowadays:
> http://blog.opendns.com/2006/08/17/cnet-reports-isps-arent-very-good-at-dns/
> http://taint.org/2005/04/15/193600a.html

Nice US centric story written by somebody who has something to sell;
their own stuff; as such quite a bit biased don't you think?

> http://www.opendns.com/ is the best option, I think, unless
> you want to run your own recursive resolver (which I think is
> what most of us do).

Yeah, let some people nicely run statistics over your DNS queries and
next to that rely on a service on the other side of the planet.

I thought the original complaint was about latency&responsetimes ;)

fuzzix wrote:
> Mikhail Ramendik wrote:
>> I am using eircom's broadband. But the eircom DNS is quite slow at
>> some times. I'd like to use a different DNS server.
>
> Using eircom myself - did find their default DNS servers a little
> sluggish. The contents of my /etc/resolv.conf are as follows:
>
> nameserver 159.134.237.6
> nameserver 159.134.248.17

Oh jummy, that 159.134.237.6 is an open recursive nameservers, long live
recursion attacks *sweet* Funnily the other doesn't do this, I can thus
only assume, also looking at the reverse of ns1.tinet.ie that it was
never meant as one, prolly a misconfig.

http://www.us-cert.gov/reading_room/dns-recursion121605.pdf
or in general terms: http://www.webmasterworld.com/forum23/4488.htm

Can somebody with enable at eircom shut those boxes down or at least
configure them correctly!? [/me spams them already... "Your report has
been sent to eircom net's abuse team. You should receive a response
within 48 hours." who makes a website for abuse.. didn't they hear of
IRT objects!?]

Normally one gets 213.94.190.194 + 213.94.190.236, these seem to work
perfectly fine and don't do recursion. Do note that Netopia's provided
by Eircomm do have crap DNS stacks, next to that, some devices like to
block DNS over TCP which can cause some additional problems too.

If you want to check if you have that issue, just try:
jeroen at spaghetti:~$ dig -t txt _aiccu.sixxs.net
;; Truncated, retrying in TCP mode.
...

if you get a long answer it is all fine, other wise it isn't

> These are also eircom servers - a little faster than the configured
> defaults. I'd like alternatives as apparently they resolve RFC 1918
> addresses (ie; private addresses such as 192.168.0.0/16)...

No, it is simply recursive and thus resolves everything it can.
The RFC1918 part is mostly because of it hitting www.as112.net or that
they actually have some RFC1918 space configured locally and you resolve
that. This box is simply misconfigured and one should not be using it ;)

Greets,
 Jeroen

More information about the ILUG mailing list