Re: netstat performance



On Tue 05 Jul 2011 at 18:13:06 -0400, William Hopkins wrote:

> The primary reasons are 1) reliability separate from your ISP and 2) verified
> correct results without NXDOMAIN spam and other such things. For 1, although
> your ISP's routers may be up, their DNS may go down or become incorrectly
> configured, and then you wouldn't be able to browse or use most internet
> services. For 2, you cannot trust your ISP to give you accurate results.
> NXDOMAIN spam is almost universal now and in many cases ISPs have been caught
> blocking websites via DNS resolution which is in a very grey legal area in the
> US, but I consider blatantly unethical. Both of these reasons apply whether you
> have one box or one hundred. The DNSSEC issue also plays into 'you can't trust
> ISPs' and applies, but I won't go into it, this is a wall of text as it is.

I'm not overly bothered about my home ISP (yet). Response times to a
query are of the order of 26 ms and overall they are reliable and, from
their track record, trustworthy. But the market evolves so . . . 

Away from them the experiences you relate in 1) and 2) are not unknown to
me. Some ISPs even attempt directing all port 53 traffic through their
own servers. Tunnelling to a trusted home machine comes in useful there.

And setting up a basic nameserver is so easy. From memory - install BIND9
and put 'nameserver 127.0.0.1' in /etc/resolv.conf. Actually, resolv.conf
can even be empty! OK, there may have to be some fiddling with dhclient.conf
but it is not hard.
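
The NXDOMAIN rewriting discussed in this thread can be detected from the client side by asking a resolver for a name that should not exist and checking whether it answers with an address instead of NXDOMAIN. The following Python sketch is an added example, not part of the original message; the default zone "com", the function names and the 192.0.2.1 sample address are assumptions, and the sample responses are constructed.

```python
import secrets
import socket
import struct

NOERROR, NXDOMAIN = 0, 3  # DNS RCODE values

def build_probe(zone="com"):
    """Return (name, query) for an A query on a random, almost certainly unregistered name."""
    name = f"{secrets.token_hex(12)}.{zone}"
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", secrets.randbits(16), 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return name, header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response):
    """Classify a raw DNS reply to a probe for a name that should not exist."""
    if len(response) < 12:
        return "malformed"
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:          # QR bit clear: this is not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "honest"             # resolver admitted the name does not exist
    if rcode == NOERROR and ancount > 0:
        return "rewritten"          # an address was returned for a nonexistent name
    return "inconclusive"           # e.g. SERVFAIL or an empty NOERROR

def constructed_response(query, rcode, addr=None):
    """Constructed sample data: build a reply to `query` so the check runs offline."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    answer = b""
    if addr:  # one A record, name compressed to point at the question
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(addr)
    return header + query[12:] + answer

def probe(server, timeout=3.0):
    """Send one probe over UDP to `server` (e.g. "127.0.0.1") and classify the reply."""
    _name, query = build_probe()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return classify(s.recv(512))

if __name__ == "__main__":
    _, q = build_probe()
    print(classify(constructed_response(q, NXDOMAIN)))            # honest
    print(classify(constructed_response(q, NOERROR, (192, 0, 2, 1))))  # rewritten
```

Running probe() against both the ISP's resolver and a local BIND9 instance on 127.0.0.1 gives a direct comparison; a single "rewritten" result is worth repeating with a fresh random name before drawing conclusions.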