THOUGHTS : Virgin Media DNS servers

So I have a grudge against the Virgin Media DNS servers, in the fact they are some of the slowest I have ever experienced.

While I respect the fact that I could buy a separate router and configure the DNS servers on that, and run the superhub in modem mode to enhance my experience, I cannot afford to do that at the moment. Wouldn't it be better for Virgin Media, as they have partnered with Google to power their email platform to preconfigure the Superhub with the Google Public DNS servers, which happen to be some of the fastest around?!

Or am I talking nonsense?

Unfortunately the nanny state will not allow that. On behalf of the state VM are expected to nanny your web browsing and protect you from 'harmful' sites. They couldn't do this if they used Google's DNS.

I'm pretty sure they could create a whitelist and blacklist. Or use OpenDNS servers which are again quite fast and reliable.

In reply to a post by Daemon66:

Unfortunately the nanny state will not allow that. On behalf of the state VM are expected to nanny your web browsing and protect you from 'harmful' sites. They couldn't do this if they used Google's DNS.

They can do it fine regardless of the DNS being used in the same manner they implement the IWF watch list.

Configure your local clients to use 8.8.8.8 instead of getting DNS from DHCP. I find their DNS to be acceptable. 194.168.4.100 is only 4 hops away for me and latency always around 10ms.

While I fully respect changing the DNS on all devices, it's not possible on Android devices, without really digging deep. I'd prefer to have it done at point of connection, instead of device level. Hey ho, will just have to save up and grab the Nighthawk 7000.

The IWF and other legislative blocking is different because it applies to all connections and hence is done at a lower level. This is not the same as the nanny blocking that you can actually opt-out of on an individual basis. VM need you to use their DNS by default so that they can offer this type of per-customer blocking. They can't redirect to someone else's DNS because they wouldn't then have per-customer control of the settings.

It would be interesting to see them offer OpenDNS as an option but I'm not sure whether it would satisfy their legal requirements - it might do.

Ah I misunderstood 'harmful' sites as referring to sites blocked by court order rather than the babysitting service.

My bad!

I'd like the option to choose from alternative DNS servers that Virgin Media would work in partnership with, as I have opted out of the babysitting stuff. The court orders are still in affect no matter what DNS servers are used.

Yes - those use the same proxies as the kiddie porn filters.

Looking through the forums, it appears that there is a change to deep packet inspection to filter traffic heading to the court banned websites.

They resolve the IP addresses of the sites and put routes onto their network to ensure traffic heading to those IP addresses goes through proxies.

Avoidable via a VPN only as far as I'm aware.

I'm not trying to avoid the banned website list, just want websites to resolve quicker.

In reply to a post by Daemon66:

The IWF and other legislative blocking is different because it applies to all connections and hence is done at a lower level. This is not the same as the nanny blocking that you can actually opt-out of on an individual basis.

IWF blocking is not mandatory The big ISP's subscribe to the IWF on a voluntary basis , And often due to the way some ISP's implement this form of web blocking does frequently result in over blocking ,

The babysitting service doesn't depend on client DNS either.

In reply to a post by Sark:

The babysitting service doesn't depend on client DNS either.

If you have the time would you post a bit of information?

I am aware of how the IWF filter works but unsure on the babysitting.

All I know is that if you enable the babysitter it doesn't matter what DNS server you are using the blocker still works. Try it yourself, it only takes a second to enable on your Virgin account page and another second to disable it again.

In reply to a post by Sark:

All I know is that if you enable the babysitter it doesn't matter what DNS server you are using the blocker still works. Try it yourself, it only takes a second to enable on your Virgin account page and another second to disable it again.

Never mind you just reminded me - VM play games with customer DNS if babysitting is enabled so you go through their servers whatever you set on your routers / PCs

The issue of VM censorship would be a valid reason to change but I'm curious how the speed of anyone's DNS servers can matter. I'm not a VM customer but unless their servers are taking significant fractions of a second to respond I can't see the problem. Your computer(s) will probably be caching the results anyway - it's not like you'll be firing off hundreds of queries a second. It's more likely to be half a dozen an hour. If that.

In reply to a post by Andrue:

The issue of VM censorship would be a valid reason to change but I'm curious how the speed of anyone's DNS servers can matter. I'm not a VM customer but unless their servers are taking significant fractions of a second to respond I can't see the problem. Your computer(s) will probably be caching the results anyway - it's not like you'll be firing off hundreds of queries a second. It's more likely to be half a dozen an hour. If that.

I'm finding that VM DNS are slower when using my Xbox One, takes ages to join a party or join a server. Changing the Xbox One to Google PDNS or Level3 drastically improves the times. I'm also finding that replacing the DNS servers on the PC will cause pages to instantly render websites and not take 10-15 seconds.

I'm using namebench to accurately track DNS resolution speeds and Virgin's are on average 65% slower than other providers.

In reply to a post by Bryer:

I'm finding that VM DNS are slower when using my Xbox One, takes ages to join a party or join a server. Changing the Xbox One to Google PDNS or Level3 drastically improves the times. I'm also finding that replacing the DNS servers on the PC will cause pages to instantly render websites and not take 10-15 seconds.

I'm using namebench to accurately track DNS resolution speeds and Virgin's are on average 65% slower than other providers.

Most odd. Even at 65% slower DNS queries just aren't sent that often. DNS is only the computer equivalent of directory enquries. Modern OSes cache the results anyway subject to the TTL for a given domain. From a Windows command line 'ipconfig/displaydns' will show you the current cache. Most domains have a TTL of many minutes - some several days.

A computer just shouldn't need to issue DNS requests any more often than you or I might need directory enquiries. I'm also surprised that the XBox uses DNS when joining a party. I'd have thought the look up was handled by the XBox service since most players won't have a domain or static IP address so can't be looked up on DNS.

Edited by Andrue (Thu 23-Apr-15 17:01:11)

I know where you are coming from Andrue but look at quite a simple page like this one - 11 different hosts! (Note: Can be reduced if you ad-block.)

Many DNS entries are also very dynamic these days having TTLs in the seconds so host/router caching only helps a little even if you linger on one site for a while. The low TTLs allow CDNs and other systems to load-balance easier.

But as for it affecting Xbox gaming - that does seem strange and I haven't a clue as to why that might be.

As above, you can change the DNS locally on your clients regardless of OS. That said, I'd be looking to OpenNIC free and open DNS servers if I wasn't running my own on dedicated servers (which I am). You can search for servers local to you (I used the UK ones in the past and they're decent).

Virgin Media (and other ISPs) are now obligated to log all your browsing and communications use and report these to the intelligence communities. That's your sites visited, emails, calls etc. Using VM's DNS gives just one easy way for them to accomplish this. No thanks! As for Google's DNS. Well, yeah they're fast. But they also belong to the biggest collector and amalgamator of personal data on the planet. You may as well stick a label saying 'profile me and sell/share my metadata please' to your desk.

Everyone should be using a zero knowledge VPN anyway, these days. If you haven't read the revelations about TrapWire, Tempora, PRISM and so on then you really should. If you have and still don't shield yourself then you probably didn't understand them, so read them again lol. If nothing else a good VPN is a great way to bypass not only censorship and profiling/logging from ISPs and the state, but also allows you to bypass VM's slow nodes and broken YouTube CDN.

In reply to a post by RainmakerRaw:

Virgin Media (and other ISPs) are now obligated to log all your browsing and communications use and report these to the intelligence communities.

Please stop spreading disinformation to further your own agenda, whatever that is. There is no obligation anything like that and nothing to that degree has even been proposed. What proposals there were, were rejected.

In reply to a post by RainmakerRaw:

Everyone should be using a zero knowledge VPN anyway, these days

to hide their illegal activities. Fixed it for you.

In reply to a post by RainmakerRaw:

Everyone should be using a zero knowledge VPN anyway, these days.

Why? Next thing you'll be telling everyone to walk around with a bag over their head and cover up their vehicle number plates.

Virgin Media (and other ISPs) are now obligated to log all your browsing and communications use and report these to the intelligence communities.

https://www.openrightsgroup.org/blog/2014/demand-you...

In any case it would only be sent on request probably as the result of a court order. The intelligence services and Police have more than enough on their plate as it is without trying monitor the entire population. They will be operating on an intelligence based methodology where people are monitored only if/when they do something that raises a red flag. Like 95% of the population it's unlikely that you will ever do anything of any interest to the government. As long as you pay your taxes and keep your nose clean you'll be fine.

I have no agenda, I'm simply stating a fact. One only has to read the documents provided by Snowden, or earlier by former NSA director Thomas Drake to see that it's an everyday occurrence. What the ISPs don't collect directly, Tempora (and PRISM) fills in. The argument that you'll be fine if you do nothing wrong is spurious and ignores the real issue. It's the same as saying 'You have nothing to fear if you've got nothing to hide' - a quote originally spoken by none other than the Nazi Goebbels.

By encrypting your data as a matter of course, en masse as a population, you make it harder for the establishment to collate and retroactively comb through your personal life. Wanting your entitlement to privacy and encouraging others to be careful of what they give away about themselves to spying isn't an agenda, it's an expression of freedom. If you're not bothered by your data being collected and combed through by the five eyes and others, that's your prerogative, but please don't round on someone who agrees with the majority in thinking it's a massive invasion of privacy with potential for abuse down the line.

If nothing else, as I pointed out above, using a VPN bypasses VM's awful YouTube CDN which is broken and slow. Accusing someone of carrying out illegal activities just because they use a VPN and want their personal data to remain... well... personal is hilarious. And you guys talk to me about FUD. I have no beef with you, I simply stated an opinion based on what the world knows about the state of governments spying on its citizens.

In reply to a post by RainmakerRaw:

I have no agenda, I'm simply stating a fact.

No, you claimed there was an obligation on ISPs where there is none.

In reply to a post by RainmakerRaw:

'You have nothing to fear if you've got nothing to hide' - a quote originally spoken by none other than the Nazi Goebbels.

LOL, you know your arguments have failed when you resort to bringing up the Nazis (even fallaciously). That particular straw-man is often put up by privacy advocates as it is deliberately easy to knock down, I've never actually seen it used by anyone as a defense for intrusion.
I have lots that I like to keep private and I do, none of it is illegal, but then none of it is out on the public internet either. VPNs have their place but paranoid fantasies help no one.

In reply to a post by Daemon66:

In reply to a post by RainmakerRaw:

I have no agenda, I'm simply stating a fact.

No, you claimed there was an obligation on ISPs where there is none.

In reply to a post by RainmakerRaw:

'You have nothing to fear if you've got nothing to hide' - a quote originally spoken by none other than the Nazi Goebbels.

LOL, you know your arguments have failed when you resort to bringing up the Nazis (even fallaciously). That particular straw-man is often put up by privacy advocates as it is deliberately easy to knock down, I've never actually seen it used by anyone as a defense for intrusion.
I have lots that I like to keep private and I do, none of it is illegal, but then none of it is out on the public internet either. VPNs have their place but paranoid fantasies help no one.

As linked by Andrue above, the UK government asked ISPs to continue the logging despite the EU ruling, and the main ones - including VM - continue to do so. The first post by Andrue above was very much in line with the Goebbels quote. As such it's clear that actually I didn't "bring it up", I simply pointed out that someone else had, so your comments about my points are not only irrelevant but themselves a strawman. My points regarding the right to privacy and the efficacy of openvpn stand, and I note you have been so busy trying to make me sound stupid you haven't actually addressed any of them. I'm out, have a good afternoon.

this problem has been made much worse by the fact many modern sites, especially ones with adverts will often have a dozen or more hostnames when loading the page.

There is 2 prime reasons for this.

1 - adverts and tracking, most websites that are popular, tend to be loaded with tracking and/or adverts. Using an adblocker type filter will mitigate this problem. (also to add, that widgets like twitter are more popular now as well)
2 - So callled optimisation, for some reason mainly due to google advice, its seen as optimal to split requests into different hostnames, so e.g. if there is 20 images on a page, split them across 5 different hostnames so 4 load from each hostname. This supposedbly improves performance, as it makes the browser open more parallel connections.
However in my view as someone who manages server performance, it is detrimental, as it goes against the keep-alive principal, it takes time and resources to open and establish new connections and of course it requires more dns lookups.

Although pc's and browsers (and routers if configured) have dns cache's they are not that big and browsing one website alone can easily have 20 hostnames, so cached hostnames will frequently be pushed out the cache way before ttl expires.

Edited by Chrysalis (Mon 27-Apr-15 21:32:39)

In reply to a post by Andrue:

In reply to a post by Bryer:

I'm finding that VM DNS are slower when using my Xbox One, takes ages to join a party or join a server. Changing the Xbox One to Google PDNS or Level3 drastically improves the times. I'm also finding that replacing the DNS servers on the PC will cause pages to instantly render websites and not take 10-15 seconds.

I'm using namebench to accurately track DNS resolution speeds and Virgin's are on average 65% slower than other providers.

Most odd. Even at 65% slower DNS queries just aren't sent that often. DNS is only the computer equivalent of directory enquries. Modern OSes cache the results anyway subject to the TTL for a given domain. From a Windows command line 'ipconfig/displaydns' will show you the current cache. Most domains have a TTL of many minutes - some several days.

A computer just shouldn't need to issue DNS requests any more often than you or I might need directory enquiries. I'm also surprised that the XBox uses DNS when joining a party. I'd have thought the look up was handled by the XBox service since most players won't have a domain or static IP address so can't be looked up on DNS.

Actually DNS performance is a big deal and has a significant bearing on the performance of a service. The difference in responsiveness for various services is quite noticeable when DNS is poor. Don't underestimate the importance of robust DNS.