GleSYS, Y U NO DNS?
... or why DNS lookups are a dangerous thing.
At my current employer we specialize in making campaigns, and this particular one is a Facebook Canvas type of thing, meaning we talk to the Facebook API.
It turns out though, one day after launching the campaign, that the local DNS resolver is sometimes unable to resolve the name facebook.com or graph.facebook.com in a timely fashion.
Looking into the matter I wrote a script for benchmarking the performance of socket.gethostbyaddr(), for your convenience as well as future reference:
#!/usr/bin/env python2.6 import sys, time, socket ts = [] def test_host(h): t0 = time.time() try: socket.gethostbyaddr(h) except: print "resolve failed", repr(h) ts.append(time.time() - t0) def avg(L): return sum(L)/float(len(L)) def med(L): L=list(sorted(L)) if len(L)&1: return L[int(len(L)/2)] else: return (L[int(len(L)/2)-1]+L[int(len(L)/2)])/2.0 t0 = time.time() test_host("facebook.com") test_host("www.facebook.com") test_host("graph.facebook.com") test_host("api.facebook.com") test_host("api-read.facebook.com") test_host("api-video.facebook.com") print "started %.2f, completed in %.2f" % (t0, time.time() - t0) print "slowest %.4f, fastest %.4f" % (max(ts), min(ts)) print "median %.4f, average %.4f" % (med(ts), avg(ts))
We use GleSYS for our VPS needs, which is a common provider in Sweden. Guess what their DNS performance looks like? Sometimes it takes up to 40 seconds for them to resolve facebook.com, when two seconds earlier they could answer the query in under 1ms.
For now I just chucked the relevant hostnames into /etc/hosts, so: I could use a tip on a lightweight recursive DNS server! (Not BIND or djbdns.)
You could use some publicly available resolver, such as Google Public DNS.
What with the reluctance toward BIND and djbdns?
I tend to use unbound - a validating, recursive, and caching DNS resolver.
Very fast, easy to "tweak" to suit local server conditions - and appears to be rock solid security-wise
http://unbound.net/
Check out http://unbound.net
Maybe deadwood (from maradns author), or pdns-recursor.
I recommend http://unbound.net/
maybe you should try google dns services:
http://code.google.com/speed/public-dns/
I bet they should be quick enough for you
You could try unbound (http://unbound.net/). It's quite good, has full support for DNSSEC, and the developers are very responsive.
Interesting post!
Perhaps Dnsmasq (http://thekelleys.org.uk/dnsmasq/doc.html) would suit your needs. You would of course need to disable the dhcp functionality.
How about dnsmasq? It's not standalone, but at least it'll cache.
I think I may've used MaraDNS for this purpose a long time ago; then switched back to bind just to reduce my mental load (I had to use bind elsewhere).
If you are looking for a recursive you can host locally you can take a look at powerdns http://www.powerdns.com/ or unbound http://unbound.net/ or you point at one of the many free open recursives. UltraDNS has one at 156.154.70.1 or google at 8.8.8.8.
If your code is strictly python, take a look at http://www.dnspython.org/ which allows you to specify the resolver used
Hi,
I'd like to know why you do not want to use djbdns (dnscache). You must know something I don't!
Thanks
You could try Dnsmasq (forwarder, but many features):
http://thekelleys.org.uk/dnsmasq/doc.html
or Unbound (I have not tried this one, but came across it recently):
http://unbound.net/
We think we have found the issue. Could you please send us an email with your account number and we can check if the problem also was related to your server?
Try Twisted Names (DNS server in Python).
I used to use pdnsd: http://www.phys.uu.nl/~rombouts/pdnsd/faq.html
It is in debian.
8.8.8.8; 8.8.4.4
http://code.google.com/speed/public-dns/docs/using.html
If the VPS is running Ubuntu, you might check this out. I found this fixed slow DNS lookups for me:
http://www.ubuntugeek.com/how-to-disable-ipv6-in-ubuntu.html
