07-23-2013 4:35 PM
I put a Linksys router behind a Pace 5031NV, in DMZ mode. Everything is connected through the router - working. Started looking at DNS benchmark times & both GRC DNS Benchmark & Google Namebench show "current system" DNS servers, for ones entered in the router and the Pace gateway's address - 192.168.1.254.
Not sure I understand how both devices are handling DNS, what the implications are - if they actually are doing that; what to do about it.
Once a device is chosen for DMZ mode & recommended FW settings are changed, I thought it was supposed to "pass through" everything to the DMZ'd device, but maybe the gateway's DNS function is still active?
No way I see to turn off DNS in the gateway; can't remove the addresses.
Any idea what the implications are?
1st 2 addresses ARE the ones entered in the router (which are same as in the gateway).
But, if the router is disconnected (nothing in DMZ mode), then benchmark test(s) (also in Namebench), show only the "192.168.1.254 Local Network Nameserver."
So, at least the TEST seems to think both the router in DMZ & the gateway are handling DNS.
07-23-2013 8:05 PM
Most DNS hosts are configured to know what they've been told to know, and look up the answer (forward) if asked a question they don't know the answer to, and cache that answer for a while for future requests.
In router behind RG mode, the RG acts as the DHCP server to the router, and provides the router with (1) the public address it should use, (2) the IP address of its gateway router and the (3) address of a DNS host (itself). It should be able to reply with any cached translation faster than any external DNS host can. It will slow down the initial request for a DNS address over what the client could do directly to the DNS hosts it uses, but this is normally made up for in the long run by the cache. If you have a single client behind the RG, well, the client caches make it unnecessary. If you have multiple devices behind the RG, or one that flushes its local cache frequently, then the RG should make real world DNS translation faster.
It may not perform better in an artificial DNS benchmark. That's irrelevant.
07-24-2013 8:15 AM
Thanks for detailed reply. I knew much, but not all of info you discussed. Others will benefit from your reply, as well. Not sure my questions are answered: are both devices really doing DNS requests (in this setup) or is that just the "appearance" - BECAUSE of the router behind gateway & DMZ setup? AND... is there any way to disable the Pace 5031's DNS function?
For those keeping score, DNS resolving (often) only affects speed the 1st time a page is loaded.
DNS aside, actual testing of page loading times (clearing cache between reloads) w/ only Pace RG & then w/ Linksys behind RG, in DMZ, showed pages RE-loaded faster using MY router behind RG, than the RG by itself; multiple repetitions. Sometimes, only by few ms; sometimes from 0.5 - 1+ sec. faster. Will do more future testing.
* "In router behind RG mode, the RG... provides router w/...
(3) address of a DNS host (itself)"
Maybe that's why the RG's router address shows up in the benchmark tests? If, as you said, the RG sends the router behind its own "DNS host address" - 192.168.1.254.
That would explain how the Linksys gets the "DNS host - 192.168.1.254," but not the question: are DNS requests ACTUALLY done by both router behind (in DMZ) & the RG? Maybe I need to read between the lines.
* "It [the RG??] should be able to reply with any cached translation faster than any external DNS host can."
Point taken. Except, I've found no data / docs - anywhere, on how much, if any, DNS info is cached IN THE RG. Nor how long it's stored - in RG (or a router behind). If looking in command prompt, at "ipconfig /displaydns" is an indication, very FEW DNS resolved addresses are stored - < 20 (Vista OS).
* "It will slow down the initial request for a DNS address over what the client could do directly to the DNS hosts it uses, but this is normally made up for in the long run by the cache."
Again, what cache [in?] the RG; how many addresses & for how long? Are there specs on this? This ability could vary (perhaps hugely) by RG brand / models.
* "If you have a single client behind the RG, well, the client caches make it unnecessary."
Meaning? The client behind (router's) cache makes the RG's DNS function and/or its DNS cache unnecessary, but which?: (1) w/ router behind, RG still does DNS requests, along w/ router behind?;
(2) w/ router behind, the RG doesn't actually do DNS requests in real operation - perhaps benchmark tests "force" the RG to perform DNS requests, only because it "detects" another DNS host? (3) None of above?
* "If you have multiple devices behind the RG, or one... RG should make real world DNS translation faster."
What evidence / documentation is there that RG abc does DNS requests faster than Router xyz (behind). I've not read every article on the web, but never saw anything mentioned, or provided data, that supports your statement. It may be true, but how did you determine this?
"It [RG - w/ router behind, in DMZ] may not perform better in an artificial DNS benchmark. That's irrelevant."
Again, how did you determine that? The two best known benchmark tools both show same results: Overall DNS requests are faster through (my) router behind, OR when Windows is set to handle DNS. Documentation is extensive; maybe not enough?
I read several dozen technical articles (on independent sites) on DNS / testing / evaluating results / using the OS to handle DNS vs an RG or a router; none suggested results of different benchmark tools may be irrelevant, in certain cases. There's much to be learned.
If it is irrelevant (sometimes), I'd like to know more - I am trying to learn here. Thanks.
07-24-2013 9:21 AM
A bunch of interesting questions that I don't have time for at the moment, but to try to hit the high points:
As you know, when a piece of client software (Windows PC, whatever) needs an IP address for a name, it normally makes an OS request for name translation. On Windows, the OS looks in its cache first; failing that it looks in its hosts file; failing that it sends a DNS request using TCP/IP to the first DNS host in its list. That DNS host will check its cache: if it finds it, it returns it; if it doesn't, it forwards it to the DNS host it's been configured to forward requests to (this process repeats until the request gets to an authoritative name server). As responses flow back down this chain, each DNS host will keep the DNS entry in its cache for a configured TTL. The TTL is normally specified by the authoritative name server. After that TTL expires, it's removed from the cache and must be retranslated the next time.
Yes, caches have limits and normally use some algorithm to purge old entries that may not have expired, but the DNS host no longer has room to hold on to. The limit may be based upon a number of entries, an amount of memory, or something else depending on the implementation. I can't tell you what that limit is on the Pace 5031. There are registry entries to play with the size of the Windows DNS cache if you'd like to. Google for that, if interested and not afraid to toy with your registry.
Benchmarks are about testing the performance under artificial conditions. In this case, they normally try to flush the OS's DNS cache (or avoid it entirely) so as not to be influenced by what's there... but your next request could have used that cache, so the benchmark is not "real world." They will test an artificial number of hosts names in an arbitrary period, which means things are skewed. Anyway, benchmarks are useful: Yes. Last word: No.
Finally, even if your RG is slow, low on memory and takes a whole millisecond (which it won't) to perform the simplest of cache lookups... guess what? That's 10 times faster than having to wait for your closest DNS server to even get the packet to begin doing its own lookup. If the RG doesn't have it cached, then that is wasted time and it'll have to send a request to another name server. Here is where you might start saving time, if you could direct this request to a closer name server. But you can't affect where the RG will send the packet... it's going to the DNS server its DHCP request told it to go to.
The simplest way to disable the DNS functions of your Pace 5031 RG is to tell your clients to not use it; i.e. change their DNS server IP address to something else. It will simply pass a DNS request targeted at another DNS host through without touching it. You can't stop the RG from handing out its IP address as the DNS resolver when it responds to a DHCP request, but you can manually override that in a lot of clients. Or, if you put your own router behind the RG, you can specify the DNS server it should use, bypassing that of the RG.
Also note that the RG (or a local router) can provide DNS names for nodes in your network that it discovers, which no DNS server outside your home will know.
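The lookup order in the reply above (OS cache, hosts file, first DNS host in the list, each hop serving from cache or forwarding upstream, with the authoritative server's TTL governing expiry) and the bypass suggested in it (point the client at a different DNS server so the RG is never asked) can both be traced with a small model. The script below is an added illustration, not code from the thread or from any Pace or Linksys firmware; the names, addresses and the 60-second TTL are constructed sample data, and the clock is simulated so TTL expiry can be shown without waiting.

```python
"""Model of the DNS resolution chain described in the post: client cache ->
hosts file -> DNS host list, with caching forwarders modelling the Linksys
router and the Pace RG. Added example with constructed data; not from the
thread, and not a real resolver."""

from typing import Dict, List, Optional, Tuple

Answer = Tuple[str, int]  # (IPv4 address, remaining TTL in seconds)


class Clock:
    """Simulated wall clock, so the demo runs instantly and deterministically."""

    def __init__(self) -> None:
        self.now = 0.0

    def advance(self, seconds: float) -> None:
        self.now += seconds


class AuthoritativeServer:
    """Holds the zone data and the TTL each record is published with."""

    def __init__(self, records: Dict[str, Answer]) -> None:
        self.records = records
        self.queries = 0  # how many times the chain had to reach all the way here

    def resolve(self, qname: str) -> Optional[Answer]:
        self.queries += 1
        return self.records.get(qname)


class TtlCache:
    """name -> (address, absolute expiry); an expired entry is purged on read."""

    def __init__(self, clock: Clock) -> None:
        self.clock = clock
        self.entries: Dict[str, Tuple[str, float]] = {}

    def get(self, qname: str) -> Optional[Answer]:
        hit = self.entries.get(qname)
        if hit is None:
            return None
        addr, expiry = hit
        if expiry <= self.clock.now:
            del self.entries[qname]  # TTL elapsed: must be retranslated
            return None
        return addr, int(expiry - self.clock.now)

    def put(self, qname: str, answer: Answer) -> None:
        addr, ttl = answer
        self.entries[qname] = (addr, self.clock.now + ttl)


class CachingForwarder:
    """A DNS host such as the RG or the router: answer from cache, else forward."""

    def __init__(self, upstream, clock: Clock) -> None:
        self.upstream = upstream
        self.cache = TtlCache(clock)
        self.hits = 0
        self.misses = 0

    def resolve(self, qname: str) -> Optional[Answer]:
        cached = self.cache.get(qname)
        if cached is not None:
            self.hits += 1
            return cached
        self.misses += 1
        answer = self.upstream.resolve(qname)
        if answer is not None:
            self.cache.put(qname, answer)  # keep it for the TTL the answer carries
        return answer


class WindowsClient:
    """Lookup order from the post: OS cache, hosts file, then the DNS host list in order."""

    def __init__(self, hosts_file: Dict[str, str], dns_hosts: List[CachingForwarder], clock: Clock) -> None:
        self.hosts_file = hosts_file
        self.dns_hosts = dns_hosts
        self.cache = TtlCache(clock)

    def lookup(self, qname: str) -> Optional[str]:
        cached = self.cache.get(qname)
        if cached is not None:
            return cached[0]
        if qname in self.hosts_file:
            return self.hosts_file[qname]
        for dns_host in self.dns_hosts:  # first host that answers wins
            answer = dns_host.resolve(qname)
            if answer is not None:
                self.cache.put(qname, answer)
                return answer[0]
        return None


def run_demo() -> Dict[str, int]:
    """Walk the chain and record how often the authoritative server is reached."""
    clock = Clock()
    auth = AuthoritativeServer({"www.example.test": ("192.0.2.10", 60)})  # constructed zone
    rg = CachingForwarder(auth, clock)      # models the Pace RG at 192.168.1.254
    linksys = CachingForwarder(rg, clock)   # router behind the RG, forwarding to it
    pc1 = WindowsClient({"printer.home": "192.168.1.50"}, [linksys], clock)
    pc2 = WindowsClient({}, [linksys], clock)
    stats: Dict[str, int] = {}
    pc1.lookup("printer.home")              # hosts file: never reaches a DNS host
    stats["auth_after_hosts_file"] = auth.queries
    pc1.lookup("www.example.test")          # OS miss -> Linksys miss -> RG miss -> authoritative
    stats["auth_after_first_lookup"] = auth.queries
    pc1.lookup("www.example.test")          # served from the OS cache
    pc2.lookup("www.example.test")          # OS miss, but the Linksys cache answers
    stats["auth_after_repeat_lookups"] = auth.queries
    stats["linksys_hits"] = linksys.hits
    stats["rg_hits"] = rg.hits
    clock.advance(61)                       # the 60 s TTL has elapsed in every cache
    pc2.lookup("www.example.test")
    stats["auth_after_ttl_expiry"] = auth.queries
    # The bypass from the post: a client pointed at some other resolver never touches the RG.
    other_resolver = CachingForwarder(auth, clock)
    pc3 = WindowsClient({}, [other_resolver], clock)
    pc3.lookup("www.example.test")
    stats["rg_misses_after_bypass"] = rg.misses
    stats["auth_after_bypass"] = auth.queries
    return stats


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running it shows the point the reply makes: the authoritative server is contacted once for the first lookup, not at all for the repeats (the OS cache serves pc1 and the Linksys cache serves pc2, so the RG's cache is never even consulted), once more after the TTL expires, and the RG's counters do not move when a client is configured to use a different resolver.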
07-24-2013 3:26 PM
Your reply is informative. It'll help others. Most I knew, some I didn't.
"On Windows, the OS ... sends a DNS request using TCP/IP to the first DNS host in its list." Where's this list? Registry? Do you think it knows I've put a Linksys router, in DMZ, behind an RG? In MY setup, do you think Windows sees the router behind an RG, as being "before" the RG; e.g., which device it'll ask 1st for DNS requests (not cached)?
Reading between the lines, what I got out of that is that the router & RG aren't really DOING DNS requests at the same time (ONE of my main concerns). That possibly the benchmarks TEST them both, because they both exist, but "the first DNS host in its [OS's] list" (how is that determined / stored?) does the DNS request, if it can; if not, next DNS host. Where's this list?
I have no knowledge of large numbers (>500) of resolved DNS entries, being cached in ANY device. I haven't looked into the WRT54GL or Pace 5031 on that. I'd guess that info on pace / 2wire RG is near impossible to find. I DO know, by default, Vista caches VERY few DNS entries: < 20. You can read them. A pittance - maybe can change default in registry.
I've never come across an article on routers / RGs & ANY amount of caching DNS & I'm no newbie. The OS stores a few. Maybe routers do - never seen it discussed anywhere.
Besides, unless they're storing a 1000 - 5000 entries & ancient ones (HIGHLY doubtful), I don't use a few pages, over & over.
I visit 10 - 100 NEW sites everyday. DNS for them likely won't be cached, meaning speed of DNS servers is more important to me than one using mainly a few sites. And guessing, DNS benchmark results mean more for me than one using mainly a few sites.
"Anyway, benchmarks are useful: Yes. Last word: No."
Problem I have (or, maybe not): The "fastest" DNS servers in benchmark tests (both DNS Benchmark & Namebench) ARE the SAME ones automatically used / entered in the Pace / 2wire gateways: 188.8.131.52 is main one (an ATT server). It's considerably faster than any others found / tested by both benchmark tools. Seemed logical to also use fastest ones in the router behind RG.
BUT, before I put Linksys behind RG, benchmarks showed RG's DNS times coming from 192.168.1.254 - where RG is USING same 184.108.40.206 server, were MUCH slower than times from the Linksys, after putting it in DMZ, using SAME DNS server 220.127.116.11
(Using RG only, 192.168.1.254 indicated by benchmark as DNS host "used by system").
** Two different devices; Same DNS servers, two different speeds.
Why would one want to enter different, SLOWER DNS servers in a router - in DMZ (vs ones "automatically" entered in the RG?). Or enter different (& slower) servers in the OS? Unless, the router in DMZ & the RG really ARE doing simultaneous DNS requests.
I or benchmark tools could be way off, but appears the Linksys HARDWARE / FIRMWARE is faster than Pace RG (WAY faster than 3600HGV) at handling DNS requests, when using SAME DNS servers. Is that surprising?
Plus, repeated page loading (5x) on different days / times, on many major sites, clearing cache before reloads, shows Linksys is faster than the RG at reloading most pages.
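Both questioner posts above count Windows cache entries by reading `ipconfig /displaydns`. The script below is an added example, not part of the thread: it parses the text that command prints into records, summarises how many entries are cached and their remaining TTLs, and follows a CNAME to its address, which is what one needs to compare "how much is actually cached" against a benchmark. The sample output embedded in it is constructed in the layout of that command on Windows (label, dots, colon, value; a name line followed by a dash rule; "Name does not exist." for negative entries) and the names and addresses are made up; the exact layout is assumed to match the reader's Windows version and locale.

```python
"""Parse `ipconfig /displaydns` output into records and summarise the cache.
Added example; the sample text is constructed, not captured from a real PC."""

import re
from typing import Dict, List, Optional

# Matches "Record Name . . . . . : value" style lines (label, dot leaders, colon, value).
FIELD = re.compile(r"^\s*([A-Za-z0-9 ()]+?)\s*(?:\.\s*)+:\s*(.*?)\s*$")
DATA_LABELS = ("A (Host) Record", "AAAA Record", "CNAME Record", "PTR Record")

# Constructed sample in the layout of `ipconfig /displaydns` (assumed layout).
SAMPLE = """\
Windows IP Configuration

    www.example.test
    ----------------------------------------
    Record Name . . . . . : www.example.test
    Record Type . . . . . : 5
    Time To Live  . . . . : 298
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    CNAME Record  . . . . : edge.example.test


    Record Name . . . . . : edge.example.test
    Record Type . . . . . : 1
    Time To Live  . . . . : 298
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10


    mail.example.test
    ----------------------------------------
    Record Name . . . . . : mail.example.test
    Record Type . . . . . : 1
    Time To Live  . . . . : 3421
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.25


    missing.example.test
    ----------------------------------------
    Name does not exist.
"""


def parse_displaydns(text: str) -> List[Dict[str, object]]:
    """Return one dict per cached record: key (queried name), name, type, ttl, data, negative."""
    records: List[Dict[str, object]] = []
    current: Optional[Dict[str, object]] = None
    key = ""       # the name line printed above the dash rule
    prev = ""      # last non-blank line, so the dash rule can find its key
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("----"):
            key, current = prev, None
        elif stripped == "Name does not exist.":
            records.append({"key": key, "name": key, "type": None, "ttl": None,
                            "data": None, "negative": True})
        else:
            match = FIELD.match(line)
            if match:
                label, value = match.group(1), match.group(2)
                if label == "Record Name":
                    current = {"key": key, "name": value, "type": None, "ttl": None,
                               "data": None, "negative": False}
                    records.append(current)
                elif current is not None:
                    if label == "Record Type":
                        current["type"] = int(value)
                    elif label == "Time To Live":
                        current["ttl"] = int(value)
                    elif label in DATA_LABELS:
                        current["data"] = value
        if stripped:
            prev = stripped
    return records


def summarize(records: List[Dict[str, object]]) -> Dict[str, object]:
    """Counts and TTL range, i.e. how much the OS is really holding and for how long."""
    positive = [r for r in records if not r["negative"]]
    ttls = [int(r["ttl"]) for r in positive if r["ttl"] is not None]
    return {
        "keys": len({r["key"] for r in records}),
        "entries": len(records),
        "positive": len(positive),
        "negative": len(records) - len(positive),
        "min_ttl": min(ttls) if ttls else None,
        "max_ttl": max(ttls) if ttls else None,
    }


def addresses_for(records: List[Dict[str, object]], name: str, max_hops: int = 8) -> List[str]:
    """Follow cached CNAMEs (type 5) to the A/AAAA (type 1/28) addresses for a name."""
    for _ in range(max_hops):
        matches = [r for r in records if r["name"] == name and not r["negative"]]
        addrs = [str(r["data"]) for r in matches if r["type"] in (1, 28) and r["data"]]
        if addrs:
            return addrs
        cnames = [str(r["data"]) for r in matches if r["type"] == 5 and r["data"]]
        if not cnames:
            return []
        name = cnames[0]
    return []


if __name__ == "__main__":
    parsed = parse_displaydns(SAMPLE)
    print(summarize(parsed))
    print("www.example.test ->", addresses_for(parsed, "www.example.test"))
```

To run it against a real machine, save the command's output with `ipconfig /displaydns > dns.txt` and pass the file contents to `parse_displaydns` instead of `SAMPLE`; the summary then gives the entry count the poster was estimating by eye, plus the remaining TTLs, which is the figure to compare against a benchmark's cold-cache numbers.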