|Topic Review (Newest First)|
|2020-01-24 02:02 PM|
|ExDilbert||I had a senior moment. Thanks to 57 for correcting it.|
|2020-01-24 01:22 PM|
I see you changed 100 Gb to 100 Mb. I was just expressing surprise at the 100 Gb number, when that's not normally used for customers. The most I've ever seen a customer get was 10 Gb and that was for a Scotiabank data centre.
As far as TPIA's backbone, that depends on a few things. While companies such a Rogers or Bell could have their own backbone, smaller companies might only connect as far as the nearest Internet exchange, such as the one at 151 Front St. W. in Toronto.
|2020-01-24 11:04 AM|
Google needs such cables for their data centers, which are gigantic, and backbone connections. Don't know that they would currently be of any use to consumers. Most consumer devices are barely capable of reaching 1Gbps. I've heard of 10Gb internet service in Korea but that would be overkill for almost all residential use. Large businesses, especially those operating data servers, could certainly make use of it.
Not sure what this has to do with TPIAs being out in Ontario but I would hope that TPIAs reselling Rogers internet would have very fast backbone connections to Rogers or another backbone access provider. I've seen what happens when backbone connections exceed capacity and it's not good for their internet customers.
|2020-01-23 11:45 PM|
100 Gb? Carriers are starting to use 100 Gb between offices. It's also used with undersea cables. Google has a 60 Tb cable. It has 6 pairs of fibre, with each carrying 100 wavelengths at 100 Gb each. There are other cables with more pairs.
|2020-01-23 09:45 PM|
Rogers 1Gb cable internet is fairly common these days. Bell still has 50Mb or 100Mb FTTN or 10Mb DSL in a lot of areas where Rogers is offering 1Gb. TPIAs typically max out at 500Gb or lower even where Rogers has 1Gb.
CIK Telecom can charge $39.99 because the only infrastructure they need to install or maintain is inside a building. Running fibre down the street and maintaining systems exposed to temperature extremes, damage and moisture is a lot more expensive. I think Bell could offer better prices in general but companies like CIK Telecom are picking low hanging fruit. At least they are passing along the savings.
|2020-01-23 09:30 PM|
Rogers is fibre to the neighbourhood and, in some cases, to the home. A friend has Gb download over Rogers. I have a 75/10 package and regularly get low-mid 90s down and about 11 up.
|2020-01-23 06:10 PM|
|Luminous||Better to switch to Fiber Optics, Rogers line really sucks not matter Rogers itself or TPIA. Bell's Fiber is undoubtedly expensive, however, I recommend an alternative company that provides Fiber Optics in Condos and Apartments called CIK Telecom: they have their infrastructure in the building so technical support is much more responsive than Bell. Also the price is fair enough, 500m/500m for only $39.99.|
|2019-08-22 09:43 PM|
I ran pfSense for a few months then switched to OPNSense due to some issues with pfSense. OPNSense is a fork of pfSense and therefore very similar but seems to be a little more focused stability rather than adding new features. I've never had an issue with OPNSense. I'm running it on a lightweight PC which has more than enough power and resources. I already had most of the parts so it was cheaper than buying a consumer router.
These days, it looks like a good platform for pfSense or OPNSense is one of the Intel J1900 based mini PCs made to run pfSense. They have 4 gigabit LAN ports built in and can be configured with various hard drive and RAM options as needed. They aren't really cheap but are much less expensive than most preconfigured business routers.
The AV solution I use is very comprehensive and is updated regularly. It blocks questionable sites and scans all content for embedded malware. I'm not saying that DNS blocking or redirection is any better or worse, just that it is redundant for the most part. Both ways adds false positives and I don't want to compound that issue.
|2019-08-22 07:09 PM|
Originally Posted by JamesK View Post
It's a great way to manage DNS with a GUI on the cheap. I really like the versatility of pfSense also. I might use it again one day. Many features work very well, in many cases better than firewalls that costs anywhere between hundreds to tens of thousands of dollars.
|2019-08-22 06:55 PM|
DNSBench does not tell the whole story due to use of RRL or response-rate-limiting, which is a common feature in BIND DNS servers that most techs simply don't know anything about. Most DNS servers should be using this feature to varying degrees, which has a huge impact, negatively or positively, by its configuration. In fact, the configuration of the DNS server alone is the most important factor impacting the performance of a public recursive DNS resolver. You could use DNSBench, which is great software for determining a fast record response and latency of a server from the public side, but the real-world behaviour will vary once you give it a real load from a network, and this is due to the default and custom configured server in relation to total inbound recursive requests plus caching policy of that server. A lot of applications make many unneeded and identical hostname requests and distribute that load across multiple UDP ports, which I believe DNSBench does not account for, but the server would begin to block in many cases where the DNSBench application would only detect that as a latency spike or delayed response, but in reality the server could be dropping the request without a response.
In relation to preventing malware, DNS is the most resource-friendly way to eliminate known malware threats that I've ever come across other than at a security-enabled firewall. AV is only effective if each endpoint is up-to-date and if the AV provider uses blacklists that are up-to-date as well. This means each endpoint has to be managed against the blacklist independently or from the central AV management server. Using the AV method to redirect only mitigates threats at the endpoint which needs to be done x amount of times over and over, where x is the amount of computers that need to connect to the internet. Even if the DNS responds quickly, the endpoint would slow the perceived speed of the internet to the user.
You are correct about the proximity argument. That is true. You can use DNSBench to help isolate the close servers vs the farther ones.
Regarding your second paragraph where you prefaced with "If I were really concerned about privacy". I'm confused because I thought that privacy was your initial concern, which spawned my initial response. I was trying to debunk that notion of privacy that I used to believe myself until I started to run my own public server to see the logs myself.
Regarding Google being able to snoop your data across multiple devices and what not...I am not sure if I mentioned Google apart from their DNS services...not sure if this even comes into play. Regarding their market dominance, though, I'm with you...They are too big and/or I share similar sentiments.
Regarding OpenDNS...they are no different than Google. They collect data. Regarding OpenDNS's performance...I have mixed experiences deploying their DNS in years past depending on the ISP deployed on location. They are a great choice as well, especially if you pay for additional features.
|2019-08-16 09:24 PM|
|2019-08-16 07:53 PM|
I am looking at it from the perspective of Google already slurping too much personal information into their galactic database and just trying to eliminate some of it by reducing the use of their services when possible. I'm well aware that I cannot eliminate Google's snooping entirely due to some of the Google devices and services I do use.
If I were really concerned about privacy then I would use the DNS servers available from a proxy service provider. None of them showed up in the DNSBench server list so I would have some concerns about their reliability and speed, as well as the higher profile using their servers might create.
If I were concerned about rogue sites and malware, I would use a server provided by a company that provides DNS servers specifically designed for that purpose. As it is, I'd rather avoid DNS services that block or redirect DNS requests. That function is already provided by my AV software.
I ran DNSBench to see what servers are currently performing well. A few things have changed. Google's servers no longer are anywhere near the top of the list. Previously they were. As in several previous tests, several OpenDNS servers performed well and it's a fairly well respected service, though it looks like it has new owners. Several Toronto based ISPs, including Rogers, showed up near the top of the list as well. I assume that's due to their proximity.
|2019-08-16 02:38 PM|
Originally Posted by ExDilbert View Post
The point of "privacy" is less applicable when you select an alternate name server, because your name request will be the same needle within a smaller haystack, so a small fry server operator would be more privy to the information if they decided to want to use that data for profit. It's best to use a known reliable server as an alternate along with another server that you also control, if possible. At least with Google's server, your internet request will be more secured from surfing to a known bad and malicious server that Google keeps track of. Almost no other server provides the basic levels of DNS security that Google does for free. Rogers DNS does not provide any additional security features that they make customers aware of, and their servers are abused often times by their own subscriber base.
I understand that people, including myself, might not like Google for various reasons, political or otherwise, but they honestly do run some of the best free public dns resolvers that also correct a lot of internet surfing problems once people configure one of them into their internet devices.
If you are a casual internet surfer, you are better off having your internet request go to Google's vs anyone else, unless you are more comfortable having that other server operator able to see your request much more easily than a Google tech would.
In Linux, all you need to do is run a single command to parse a known IP to watch or output all of their internet requests, and any server running on Unix or Linux has this capability. It all depends on the person that knows how to wield such tools to do what they want to do with the data.
For me personally, I am just trying to run a stable server for the public and for my client's web performance and reduction of malware.
Google for the most part is trying to clean the internet, there's no doubt there's privacy exposure, but almost all operators expose that privacy, internally I hope, so you might as well benefit from theirs, because they at least do some good with theirs. Other operators run theirs irresponsibly, which is why there are so many DNS outages across the country. Many times the outages have nothing to do with the ISP, unless the customer is using a DNS server that ISP operates.
Also even if you run your own DNS, your privacy is still exposed, because your recursive internet requests are examined by the global root servers via root hints. There's no way to completely secure your internet requests unless you create a forward lookup zone for every single internet name imaginable and then by maintaining them all by yourself. The root servers and operator of those root servers are ultimately able to see everything, if they choose to. Running your own server ultimately harnesses a lot of that control.
Just use Google's unless you really are generally bitter about them or want to serve up your own requests yourself or want to permit another large provider to serve up your requests instead. Ultimately, whichever server you configure will be the server that you are permitting to see your internet requests once you hit OK and start surfing.
I say all of this not solely for your viewing, but primarily for others who believe that not using Google's DNS somehow protects them from "privacy", which is a false notion. It's more about who to trust more than anything else.
The winner of your DNS traffic should be to those who run the best servers within the geographical area closest to your internet connected device or network, or have the best response times, but also other more important factors, and the DNSbench tool, as you mentioned is a way to help determine that winner, but it's not everything. Reliability combined with domain and IP blackhole filtering with performance should determine which are the winner DNS servers.
|2019-08-15 08:46 PM|
|ExDilbert||I like to use DNSBench from grc.com to find a good name server and avoid Google's name servers for privacy reasons.|
|2019-08-15 07:31 PM|
I was helping out my brother with his Rogers connection within the past 7 days and fixed his issue. He was getting booted off of Xbox Live on an abnormal basis. I told him to enter in my public DNS server that I operate here in Mississauga as his DNS1 and told him to enter in Google's as his secondary, and his problems went away immediately.
As an independent hobbyist public DNS server operator, I can tell you personally that there are a lot of cloud VPS subscribers primarily based in USA and China who run attack scripts on DNS servers except that they run them from many different IP ranges simultaneously, which completely bypasses the DoS preventative features of DNS servers such as BIND and Microsoft DNS. I was able to help my brother stay online, because I've taken measures by writing a script that proactively blocks the major cloud VPS providers in my DNS configuration file, effectively making my single DNS server to be the best in the country, in my opinion. I'm a Rogers business internet customer, but since I run this server also for local DNS recursive queries, I also did not have any issues. What I did notice though is that most of the public DNS servers in Canada did go down or were inundated with many, many bogus DDoS type DNS queries. public-dns.info lists all the global DNS servers it can scan, and many of the Canadian DNS servers listed lost quite a bit of reliability percentage score. Not mine though.
In your WAN DNS config, just use two different provider's DNS servers. I like to use one from Google's and one from another reliable public provider, but don't make both DNS1 and DNS2 from the same ISP or media type. Do a ping test on both of the ISP provided DNS servers in your ISP's pamphlet....Whichever provides the lowest ping time, just use that as your DNS1 and then use Google's 220.127.116.11 as the other.
|This thread has more than 15 replies. Click here to review the whole thread.|