I made the internet faster for you, but I may have to slow it down due to Apple.

Yes, there was a 1 minute 30 second blip at 11:54PM on Saturday evening due to this change. Sorry, it was for the good of all.

Over the weekend a handful of homes had connectivity issues, which I traced to DNS problems with Cloudflare’s public DNS service, which is what I point people to by default for their home router. I like the Cloudflare 1.0.0.2 and 1.1.1.2 service because it actively blocks sites known for phishing and intercepting your data. Its database gets updated every 15 minutes. It has been my primary DNS service for your home since 2021. My backup is the Big G (Google DNS, 8.8.8.8). Yeah, they claim they don’t track you. But really?

What is DNS? It is the software that converts a website name like www.google.com into a numeric address like 2607:f8b0:400a:80b::2004.

Without DNS you are offline. Period. Even if your “WAN” link is up and you can “ping” specific devices, without DNS nothing works.

Any public DNS resolver is “allowed” to not reply to a DNS query, based on load, mood, program, whatever. There is always a chance your lookup fails. It is common. Each lookup failure is a perceptible delay for you at home, because your router has to wait for the DNS query to time out before it tries its backup service (we use 1.0.0.2 and 8.8.8.8).

Our core router can function as a DNS forwarding cache. Previously I had turned it off and sent all DNS queries straight to the Big G or Cloudflare, figuring that across 1,200 users, how effective would a cache really be?

The answer floored me. My cache is responding to 50% of the DNS queries. Each cache response succeeds on the first try, at sub-millisecond latency. Normal DNS queries take on the order of 28-45 milliseconds.

A beautiful privacy hack is that since my router is doing the DNS queries for you, the DNS lookups of 1,200 customers are being “intermixed”; there is no way Google can determine which DNS query is for which subscriber. I am increasing your privacy by mixing your traffic with all the neighbors.

I expect you are noticing that the internet seems faster today than on Friday. I am noticing it at home (we serve our own home).

As with all things in life, no good deed goes unpunished. Apple considers my use of a DNS cache a privacy issue because I can only cache unencrypted DNS queries. Apple never considered the possibility that an ISP is doing this because it cares about its customers and absolutely will not (cannot, in my case) harvest DNS data, but rather wants the customer to have the best experience and privacy possible.

So at the end of the day, I may have to go back to the old ways if I cannot figure out a way to stop Apple iPhone and Mac users from getting a “DNS privacy warning” on their devices.

Here are the statistics after 24 hours. There have been 60,000 queries that “failed” when our core router asked for a lookup. Thanks to the cache, at least 50% of those failures didn’t matter. The result? Faster internet for you.

Check out “DNS entries removed from cache before expiry”. These are the least recently used entries, evicted to make room for new ones. It is less than 4,000. This means 6,000 entries in the cache are being reused multiple times, as this number barely changed after 12 hours. Each of these “hits” is invisible to the big data companies in the cloud.

Wait, what? Net253 is improving our service and not charging more? What insane business model is that!???

253CoreX:~$ show dns forwarding statistics
----------------
Cache statistics
----------------
Cache size: 10000
Queries forwarded: 3222770
Queries answered locally: 2912485
Total DNS entries inserted into cache: 6297801
DNS entries removed from cache before expiry: 38101
---------------------
Nameserver statistics
---------------------
Server: 1.1.1.2
Queries sent: 857855
Queries retried or failed: 9553
Server: 8.8.4.4
Queries sent: 582182
Queries retried or failed: 5386
Server: 8.8.8.8
Queries sent: 1190739
Queries retried or failed: 13445
Server: 1.0.0.2
Queries sent: 940536
Queries retried or failed: 12693
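As an added example (not part of the original post or the router’s software), here is a small Python script that parses the statistics output shown above and derives the numbers the post talks about: the cache hit ratio, each upstream resolver’s retry/failure rate, and the share of cache entries evicted before their TTL expired. The sample text is a constructed copy of that output, trimmed to two upstreams.

```python
# Constructed sample: the "show dns forwarding statistics" output above, trimmed to two upstreams.
SAMPLE = """\
Cache size: 10000
Queries forwarded: 3222770
Queries answered locally: 2912485
Total DNS entries inserted into cache: 6297801
DNS entries removed from cache before expiry: 38101
---------------------
Nameserver statistics
---------------------
Server: 1.1.1.2
Queries sent: 857855
Queries retried or failed: 9553
Server: 8.8.8.8
Queries sent: 1190739
Queries retried or failed: 13445
"""

def parse_stats(text):
    """Split the output into cache counters and per-upstream counters."""
    cache, servers, current = {}, {}, None
    for line in text.splitlines():
        if ":" not in line:
            continue  # dashed rules and section titles carry no counters
        key, _, value = (s.strip() for s in line.partition(":"))
        if key == "Server":
            current = value  # following counters belong to this upstream
            servers[current] = {}
        elif current is None:
            cache[key] = int(value)
        else:
            servers[current][key] = int(value)
    return {"cache": cache, "servers": servers}

def cache_hit_ratio(stats):
    """Share of client queries answered from the cache with no upstream round trip."""
    c = stats["cache"]
    answered = c["Queries answered locally"]
    return answered / (answered + c["Queries forwarded"])

def upstream_failure_rates(stats):
    """Per upstream resolver: fraction of sent queries that were retried or failed."""
    return {ip: s["Queries retried or failed"] / s["Queries sent"]
            for ip, s in stats["servers"].items()}

def eviction_ratio(stats):
    """Entries evicted before TTL expiry per insert; a rising value means the cache is too small."""
    c = stats["cache"]
    return c["DNS entries removed from cache before expiry"] / c["Total DNS entries inserted into cache"]
```

On the full output above the hit ratio comes out just under 50% and every upstream loses roughly 1% of queries to retries or failures, which is the delay the cache hides.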

Stephen Hellriegel