DNS is one of the key ingredients of the internet and the world wide web. Without it you would have to type long numbers into the browser's address bar instead of convenient domain names like example.org. Humans seem to remember words better than numbers. In that sense, DNS is like the internet's “phonebook”. To look up those numbers, which are the real addresses of (web)servers on the internet, every computer asks a so-called name server to resolve a given domain name to its actual address.
But where do you get a name server address if you don't have a name server yet? Well, most internet service providers just tell your computer to use their name server if you don't have one already. Recently Google announced their name server with a number which is quite easy to remember (8.8.8.8). So wherever you go you shouldn't have to care about configuring a name server.
On the other side, the name server provider can refuse to resolve certain addresses, to an extent where it could be called »censorship«. A provided name server can be very slow and degrade your overall internet performance. Fun fact: most of the time when people cry out “My internet is not working”, faulty or unreachable name servers are involved.
Luckily DNS is very decentralized. Everyone can have their own name server. There is no magic to it and it's very easy to do as well. Most users even have one pre-installed. It's called »bind«. It's quite easy to set up, but there are other ones which are more convenient. I use »unbound« locally on my laptop. Wherever I go, I bring my name server with me. If something is not resolving or working, I have a log file to look into. It allows me to block Google tracking domains easily and offers speed and lots of flexibility. The best thing: it's super easy to set up:
On Mac OS X with Macports run the following in your Terminal:
sudo port install unbound
sudo launchctl load -w /Library/LaunchDaemons/org.macports.unbound.plist
That's it. Test it in the terminal via:
dig www.slashdot.org @127.0.0.1
Now configure it in the Network Preferences as your DNS server and move on.
Packages for other operating systems should be available.
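A minimal unbound.conf for the laptop setup described above, added here as an example (it is not the post's own configuration nor the unbound project's shipped default). The MacPorts paths and the tracker.example / ads.example names are assumptions; the point is that the resolver listens on loopback only, refuses everyone else, logs to a file you can read, and blocks or redirects the tracking hosts you choose.

```conf
# Example unbound.conf (added example, not from the original post).
# Assumed location for a MacPorts install: /opt/local/etc/unbound/unbound.conf
server:
    # Answer only on the loopback address: this is your laptop's resolver,
    # not an open resolver that the rest of the network can reach.
    interface: 127.0.0.1
    port: 53

    # Accept queries from the local host only; refuse everything else.
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Do not answer id.server / version.bind probes with identity or version.
    hide-identity: yes
    hide-version: yes

    # Disable chroot so the paths below are plain filesystem paths.
    chroot: ""

    # The log file mentioned in the post: where to look when a name does
    # not resolve. logfile is only used when syslog is turned off.
    # Path is an assumption for a MacPorts install.
    use-syslog: no
    logfile: "/opt/local/var/log/unbound.log"
    verbosity: 1

    # Keep cached answers for at most one day, whatever the upstream TTL says.
    cache-max-ttl: 86400

    # Block a tracking host: a static zone with no local data answers
    # NXDOMAIN for the name and everything below it.
    local-zone: "tracker.example" static

    # Or redirect a zone (and every name below it) to the loopback address.
    local-zone: "ads.example" redirect
    local-data: "ads.example A 127.0.0.1"
```

Check the file with unbound-checkconf before (re)starting the daemon; afterwards `dig tracker.example @127.0.0.1` should come back with status NXDOMAIN and `dig ads.example @127.0.0.1` with 127.0.0.1.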
Why isn’t everybody using a local DNS resolver/cache?
Using public and well-known DNS servers has a big advantage. Since all of their users are contributing to the cache, 99% of the domains that need to be resolved are already in it. This saves time and bandwidth. As karsten pointed out in the comments, it wouldn't be wise to switch completely to locally installed DNS resolvers. On the other side, there is no disadvantage to having a DNS resolver installed which is only running / used when you need it. Have a look at the comments for a more elaborate reply.
Instead of using GoogleDNS or OpenDNS only, look for other public DNS servers or set up one on your own for you and everybody else.
Even if you still don't care to run your own name server, do yourself a favor and inform yourself about DNS. It's something that doesn't hurt to know and can be really useful.
Links
Thank you for this article. Will using a local DNS avoid the problems with Akamai detailed in the articles you linked to?
The main disadvantage is that you have to deal with it. You need to understand DNS to a certain degree and you need to invest a little time to set up your DNS resolver. It took me five minutes but someone more inexperienced will need more time. Also, the first time you resolve a domain, the lookup can take a few milliseconds. Afterwards it is in your DNS cache and will return with a query time of 0. So if there is one disadvantage when it is running, it's the initial query time. But you probably won't even notice it. Just try for yourself!
The main disadvantage is that you don't profit from your provider's DNS caches any longer. That's surprisingly often noticeable and delays the first connection, sometimes only a couple of milliseconds, but more often a second or longer.
Besides, this also drives additional traffic to the site's DNS server. This may be negligible as long as it's only hukl and a couple of nerds running their private DNS, but might result in heftier performance penalties if this practice starts to catch on.
Partly true because on the other side, you visit the same hosts over and over again. Your favorite news sites, blogs, mail server etc. Once you load a web page and resolve its domain a lot of subsequent requests for assets happen to the same domain. All returning with 0 milliseconds query time. Additionally the cache is being held for quite some time so you will simply fill up your own cache to a beneficial degree very quickly.
Furthermore, once you've managed to run your own resolver you can set up similar DNS caches for your office, companies or even provide more publicly accessible DNS resolvers. In this regard, this post is meant to remind people of the decentralized nature of DNS. It is really easy to set up, and you should not rely on a single DNS provider like Google.
Hey hukl,
all of this sounds good, but what about the disadvantages? Are there any? What should one keep in mind?
******
Are there any disadvantages?
Thanks.
Accidentally replied to the wrong comment. See above.
Ok, count me in. I apt-get installed it and it runs fine so far (quite a page load delay on the first load but very fast after that!).
But: since the unbound home page lacks a few human-friendly explanations on how to read the log file for example – does one have to be a DNS expert to do that? just asking – and how to tweak that thingy for different setups – e.g. vserver vs. dedicated machine setup, single-user scenario vs. multi-user scenario – I wonder if you can recommend a few more links to get into it?
Thanks
Todde
hi hukl,
tnx for this article. could you elaborate on the Google URL blocking part? I am very interested in that and would like to try that.
tnx.
raphael
Basically you search for something like “block google analytics hosts” and you will find all the hosts you need to block. In unbound you can put these hosts in the config file and block them or even redirect them.
Hi there,
I'm a newbie to DNS, but I am really interested in what I just read here. Actually, I just installed unbound on my macbook pro and it seems to work, but only if I deactivate peerguardian, otherwise it doesn't give any result. Is it normal?
Also, I was wondering if I need to configure unbound at all. I didn’t. I just installed it and ran it as you explain here. Is this ok? I read the unbound.conf-dist file, but I am kind of lost in there and I ended up just closing the file without doing any changes.
Finally, I did other research and now I’m totally confused. I’m just not sure if it’s good or not to use unbound on my machine. I thought it’s good because it will save me some msec on every request I make and also I don’t like to send all my dns lookup requests to my stupid ISP because I just don’t trust those people (yes, I know, I’m a bit paranoid). When I say I’m confused it’s because I read (here and on other sites) some people arguing that it’s not a good thing, but to be honest, I just don’t understand what they say!
Could someone please help me?
Thanks a lot!
Hey Huckl,
thanks for the article, I read it but today everyone including me is using homebrew instead of Macports. Unfortunately the homebrew formula doesn't create the user and all the configuration stuff. Is it possible to give an update for how to install and configure unbound via homebrew or completely from source? This would be great!
I found your article searching for a way to install Unbound in OSX 🙂
thank you for letting me know I can use Macports (I already used it for other sw, eg. BIND).
I have a question: is the cache flushed when you reboot the Mac where Unbound is installed? or is it possible to re-use the cache at start-up?
For those asking for more info about the Unbound config, this is a great link:
https://calomel.org/unbound_dns.html
Hmm, I never tried to preserve the cache across reboots. Let me know if you find out whether this is possible 🙂