Resilient DNS cache on Ubuntu
One of the most irritating things about being a geek (though far from the most irritating thing) is becoming annoyed with apparently foolish or below-par performances from technical widgets. What gets you is that you know exactly what’s wrong, and it seems obvious that either a) it’s simple and common and should have been prevented or fixed already, or b) the hazard was so clearly obvious that it should have received a higher priority. Today, I’m talking about the internet’s obvious single point of failure: DNS.
Have you ever noticed that Firefox is sitting there apparently inactive (translation: nothing is flashing) with a status bar message like “Looking up feelitlive.com…” despite the fact that you looked it up just fine a few minutes earlier? You want to find out what’s on and go out, not debug your network, so you never investigate it and never call your ISP, because it does work eventually and ISPs use call-queuing technology rather than investing in extra human beings.
Anyway, this malady affected some of my favourite political blogs on the night of the US election, and it didn’t take much F5 bashing to work out that popular sites like sky.com worked fine, less popular sites worked slowly, and really niche market sites like er… ubuntu.wordpress.com, for example, didn’t work at all. Since it was election night I wasn’t going anywhere, so I called O2 to have them confirm the obvious – a DNS server somewhere on BT’s network was broken and local caches were only populated with the more frequently hit domains, so that was all you got. Hmmnn… big event happening, everyone looking for news? Might it get busy on the web? Do you think?
I figured, “this is stupid, I visited the site earlier, why doesn’t my computer keep the IP address and re-use it?” I wanted a DNS cache! That way, my ISP’s DNS service only needed to work once and I would be protected from such foolishness.
The techy bit…
Luckily, the article I wanted was in Google’s cache (accessed using an IP number not a DNS name, so working just fine…) but its proper URL is http://ubuntu.wordpress.com/2006/08/02/local-dns-cache-for-faster-browsing/
The article is a little over-complicated for a laptop user, since most laptop users know the button to reset their wireless connection and aren’t DSL users as such either. I got away with simply installing dnsmasq using Synaptic Package Manager and editing two files using “sudo vim <filename>”.
First I opened /etc/dnsmasq.conf and uncommented the line:
#listen-address=
and entered my loopback IP so it looked like:
listen-address=127.0.0.1
You can also make dnsmasq listen on the loopback interface “lo” by editing the interface= line just above it instead, if you prefer.
Then in /etc/dhcp3/dhclient.conf I found the line:
#prepend domain-name-servers 127.0.0.1;
and removed the “#” to make it active:
prepend domain-name-servers 127.0.0.1;
I gave dnsmasq a precautionary restart with:
sudo /etc/init.d/dnsmasq restart
Then I pressed the button to reset my wireless connection – which on Ubuntu is the little blue bar-chart thing on the bar at the top right, followed by the little blue round widget for the network you’re on.
Anyway, that clearly didn’t work, because the ISP’s DNS server didn’t work at all for the little web sites, so reducing the requirement to having it work just once was still too high a burden on the overloaded machinery. I didn’t find a solution until just now, after another server blip. OpenDNS allow you to use their DNS servers for free, no questions asked, but with a DNS cache installed it seems silly to use the OpenDNS server as the main server.
Luckily, there is a command to append the OpenDNS servers to the end of your nameserver list; it goes in the file /etc/dhcp3/dhclient.conf:
append domain-name-servers 208.67.222.222,208.67.220.220;
When I checked /etc/resolv.conf I saw the .222 address listed at the end, and the .220 server had vanished, but I still have a local cache and two independent nameservers, and my blip is gone, so I am quite content (Jaunty doesn’t have this issue, but doesn’t guarantee it’ll try every DNS server listed).
Extra dnsmasq.conf tweaks:
Uncomment (make active) line 406 to stop failures being permanent:
no-negcache
If one of your upstream DNS providers has executed an immoral land grab on unregistered domains (à la Verisign), then list their IPs likewise (see line 420):
bogus-nxdomain=64.94.110.11
Note that I don’t put OpenDNS in that category: they are giving you something free on certain conditions, and it’s up to you to obey those conditions. It is useful and proper to list OpenDNS like this if there is a temporary problem with their redirections; otherwise you are basically stealing. I use this on a network where simple hostnames like “fredspc” don’t resolve on the first attempt.
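As an added example (not part of the original post), here is a small shell check for the set-up described above: it reads a dnsmasq.conf and a resolv.conf, confirms the local cache is listed first and no-negcache is on, warns when either OpenDNS fallback has gone missing (as happened with the .220 server above), and warns when more than three nameservers are listed, since glibc’s resolver only ever consults the first three. The two sample files are constructed inline; point the function at /etc/dnsmasq.conf and /etc/resolv.conf to check a real machine.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check a dnsmasq cache
# plus OpenDNS fallback configuration. Files are passed in as arguments.

# Print the nameserver IPs of a resolv.conf, in order, one per line.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Return 0 when every expected condition holds, 1 otherwise.
# Each problem found is reported on stderr.
check_resolver() {
    dnsmasq_conf=$1; resolv_conf=$2; ok=0
    grep -q '^listen-address=127\.0\.0\.1' "$dnsmasq_conf" \
        || { echo "dnsmasq is not listening on 127.0.0.1" >&2; ok=1; }
    grep -q '^no-negcache' "$dnsmasq_conf" \
        || { echo "no-negcache not enabled: failed lookups will be cached" >&2; ok=1; }
    first=$(nameservers "$resolv_conf" | head -n 1)
    [ "$first" = "127.0.0.1" ] \
        || { echo "first nameserver is '$first', not the local cache" >&2; ok=1; }
    # Both OpenDNS fallbacks should have survived the DHCP client's rewrite.
    for ip in 208.67.222.222 208.67.220.220; do
        nameservers "$resolv_conf" | grep -qxF "$ip" \
            || { echo "fallback $ip missing from $resolv_conf" >&2; ok=1; }
    done
    # glibc only tries the first three nameserver lines (MAXNS in resolv.h).
    n=$(nameservers "$resolv_conf" | awk 'END { print NR }')
    [ "$n" -le 3 ] \
        || { echo "$n nameservers listed; only the first 3 are used" >&2; ok=1; }
    return $ok
}

# Constructed sample files standing in for /etc/dnsmasq.conf and /etc/resolv.conf.
# The resolv.conf deliberately lacks the .220 server, as observed in the post.
tmp=${TMPDIR:-/tmp}/resolver-check.$$
mkdir -p "$tmp"
cat > "$tmp/dnsmasq.conf" <<'EOF'
listen-address=127.0.0.1
no-negcache
EOF
cat > "$tmp/resolv.conf" <<'EOF'
nameserver 127.0.0.1
nameserver 208.67.222.222
EOF
check_resolver "$tmp/dnsmasq.conf" "$tmp/resolv.conf" \
    && echo "resolver set-up looks good" || echo "resolver set-up needs attention"
rm -rf "$tmp"
```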