Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | (show all)   Print Thread
Standard User arendall667
(regular) Mon 23-Dec-13 06:26:41
Print Post

Open DNS blocking some BBC DNS addresses


[link to this post]
 
If anyone who is using Open DNS finds that pages from the BBC start to look odd this is because Open DNS are blocking one of their domains due to a reported threat.

A way to check this is (in Chrome) to try to open the image URL from the broken image graphic. You should then get a page from Open DNS telling you this is blocked.

Think the domain in question is static.bbci.co.uk but can't check as I have changed my DNS to Google which fixed the problem.

Regards

Anthony
Standard User kevinwilson
(newbie) Mon 23-Dec-13 10:33:23
Print Post

Re: Open DNS blocking some BBC DNS addresses


[re: arendall667] [link to this post]
 
Thanks for the information. I spent ages trying to work out what was causing the problem, but have now changed DNS servers and it's fixed it.
Standard User caffn8me
(knowledge is power) Mon 23-Dec-13 10:47:33
Print Post

Re: Open DNS blocking some BBC DNS addresses


[re: arendall667] [link to this post]
 
You might find the following article interesting;

Get your DNS in order!

There can be significant performance hits beyond increased lookup time by using a remote third party DNS server compared to your own or your ISP's.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs


Register (or login) on our website and you will not see this ad.

Standard User bobble_bob
(fountain of knowledge) Mon 23-Dec-13 17:38:01
Print Post

Re: Open DNS blocking some BBC DNS addresses


[re: caffn8me] [link to this post]
 
I found using opendns made browsing slightly faster, although i guess it depends how good/bad your ISPs DNS servers are
Standard User PeterProxy
(newbie) Mon 23-Dec-13 19:28:55
Print Post

Re: Open DNS blocking some BBC DNS addresses


[re: caffn8me] [link to this post]
 
In reply to a post by caffn8me:
You might find the following article interesting;

Get your DNS in order!

There can be significant performance hits beyond increased lookup time by using a remote third party DNS server compared to your own or your ISP's.


Namebench will tell you which is fastest for you..
https://code.google.com/p/namebench/
Standard User caffn8me
(knowledge is power) Tue 24-Dec-13 07:02:09
Print Post

Re: Open DNS blocking some BBC DNS addresses


[re: PeterProxy] [link to this post]
 
I run my own DNS servers so they are probably the fastest smile

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User Pipexer
(eat-sleep-adslguide) Tue 24-Dec-13 14:52:44
Print Post

Re: Open DNS blocking some BBC DNS addresses


[re: caffn8me] [link to this post]
 
In reply to a post by caffn8me:
I run my own DNS servers so they are probably the fastest smile

Well yes but where do they get their DNS information from, the root servers?

Zen 8000 Pro
Standard User caffn8me
(knowledge is power) Tue 24-Dec-13 15:45:49
Print Post

Re: Open DNS blocking some BBC DNS addresses


[re: Pipexer] [link to this post]
 
There is a local "hint" file which directs the server to the root servers and my server will then query whichever DNS server is authoritative for each domain lookup requested. It works in exactly the same way as most ISPs' nameservers.

My laptop runs BIND on bootup so my DNS server for my laptop is 127.0.0.1

This works most of the time but some wi-fi hotspots block clients from using any DNS except their own.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User Pipexer
(eat-sleep-adslguide) Tue 24-Dec-13 19:44:57
Print Post

Re: Open DNS blocking some BBC DNS addresses


[re: caffn8me] [link to this post]
 
I also run my own DNS server (in the sense a configurable one.... technically most people are actually running a DNS server at home i.e., their router), but I found that using Zen DNS as a forwarder was consisderably quicker than using the root hints, so that's what I do.

Zen 8000 Pro
Standard User mixt
(experienced) Tue 24-Dec-13 21:17:35
Print Post

Re: Open DNS blocking some BBC DNS addresses


[re: Pipexer] [link to this post]
 
I found that using Zen DNS as a forwarder was considerably quicker than using the root hints, so that's what I do.

Having thought about why this would be faster, I think I see why you have done this. Basically, you're using the assumption that most other Zen customers will be using Zen name servers, and that most other customers will be visiting the same sites as you (Facebook, YouTube, Twitter etc), from the same geographical location (UK, obviously) as yourself. Thus, when the cache expires on your local network resolver, it will forward the request to Zen (very close). Zen will most likely already have a cached result to send back to you from other customers' browsing requests, so you get a fast reply back to your resolver and LAN clients.

Just using a stand alone caching root/hint server setup (like I do), this extra layer of querying is unlikely to be of the same volume so more often than not, when cache does expire for a site, a root/hint resolver will have to go all the way back to the root servers again to return a lookup once more. Granted, this lookup delay is only going to occur once every one to three days (TTL of root servers), but it will happen more often on that setup compared to a DNS forwarding one like you have.

Food for thought I guess. The only thing I don't like about a forwarding setup is that I'm relying on servers I don't have control over. At least I know when something isn't loading (due to DNS), it's more than likely my fault (to have all 13 root servers to be out of service is almost a complete impossibility).

All in all, I would say your setup is probably -the- best possible setup to have in terms of speed, provided Zen's name servers remain 100% reliable. A direct local root/hint resolver would come second.

Now on <aaisp.net> (21CN+IPv6+40Mb/FTTC)
Previous ISPs: Virgin Media (50Mb/Cable), Be* Un Limited, ZeN
Is Linux routing your internet connection?
Need to make BIND geo-aware?

Edited by mixt (Tue 24-Dec-13 21:18:39)

Pages in this thread: 1 | 2 | (show all)   Print Thread

Jump to