2017/11/21

IBM DNS 9.9.9.9 測試

看到新聞:「IBM宣布推出免費DNS轉址服務 Quad9,只要將DNS伺服器設為9.9.9.9 即可阻擋惡意網站」,聽起來頗有趣的,所以玩了一下。



我這邊比較偏重 DNS 回應速度,自家機器在中華電信的線路上,先用 168.95.1.1 來看回應速度:
johnroyer@box:~$ ping -c 5 168.95.1.1
PING 168.95.1.1 (168.95.1.1) 56(84) bytes of data.
64 bytes from 168.95.1.1: icmp_seq=1 ttl=247 time=11.5 ms
64 bytes from 168.95.1.1: icmp_seq=2 ttl=247 time=11.8 ms
64 bytes from 168.95.1.1: icmp_seq=3 ttl=247 time=11.9 ms
64 bytes from 168.95.1.1: icmp_seq=4 ttl=247 time=10.5 ms
64 bytes from 168.95.1.1: icmp_seq=5 ttl=247 time=10.3 ms
--- 168.95.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4008ms
rtt min/avg/max/mdev = 10.377/11.248/11.921/0.664 ms

再來看看 Google DNS 8.8.8.8:
johnroyer@box:~$ ping -c 5 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=26.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=57 time=28.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=57 time=22.0 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=57 time=15.7 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=57 time=33.0 ms
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4008ms
rtt min/avg/max/mdev = 15.702/25.163/33.086/5.935 ms


最後看一下 9.9.9.9 的回應速度:
johnroyer@box:~$ ping -c 5 9.9.9.9
PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
64 bytes from 9.9.9.9: icmp_seq=1 ttl=52 time=108 ms
64 bytes from 9.9.9.9: icmp_seq=2 ttl=52 time=107 ms
64 bytes from 9.9.9.9: icmp_seq=3 ttl=52 time=108 ms
64 bytes from 9.9.9.9: icmp_seq=4 ttl=52 time=113 ms
64 bytes from 9.9.9.9: icmp_seq=5 ttl=52 time=108 ms
--- 9.9.9.9 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4007ms
rtt min/avg/max/mdev = 107.934/109.402/113.095/1.905 ms

目前 9.9.9.9 的回應速度還差了一個數量級,所以如果瀏覽器開一個結構比較複雜的網頁,說不定開啟速度會慢到一秒。然後我比較希望有病毒樣本,所以不希望那麼安全的 DNS (拖走)



另外,速度比較慢的原因可能是網路節點問題。用 mtr 掃了一下 route:
                             My traceroute  [v0.85]
box (0.0.0.0)                                          Tue Nov 21 14:51:00 2017
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                       Packets               Pings
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 192.168.0.1                       0.0%     4    0.5   0.9   0.4   1.8   0.0
 2. h254.s98.ts.hinet.net             0.0%     4    9.1   9.7   9.1  11.0   0.6
 3. hc-c6r1.router.hinet.net          0.0%     4    8.7   9.2   8.7   9.8   0.0
 4. sczs-3202.hinet.net               0.0%     4    8.6  11.9   8.6  20.4   5.7
 5. TPDT-3012.hinet.net               0.0%     3   13.0  13.6  13.0  14.7   0.7
 6. 220-128-14-90.HINET-IP.hinet.net  0.0%     3   11.2  23.0  11.2  46.7  20.5
 7. pcpd-3212.hinet.net               0.0%     3   10.9  11.3  10.9  11.8   0.0
 8. pcpd-3211.hinet.net               0.0%     3   11.7  13.4  10.5  18.0   4.0
 9. 72.14.202.178                     0.0%     3   10.3  11.2  10.3  12.0   0.7
10. 108.170.244.129                   0.0%     3   12.4  11.6  10.9  12.4   0.0
11. 72.14.238.189                     0.0%     3   11.1  13.2  11.1  16.2   2.6
12. google-public-dns-a.google.com    0.0%     3   11.2  11.6  11.2  11.9   0.0

8.8.8.8 其實沒有連到國外,Google 在台灣國內就有 DNS 節點。


同樣方法看一下 9.9.9.9 的 route:
                             My traceroute  [v0.85]
box (0.0.0.0)                                          Tue Nov 21 14:52:53 2017
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                       Packets               Pings
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 192.168.0.1                       0.0%     3    0.4   1.0   0.4   2.1   0.7
 2. h254.s98.ts.hinet.net             0.0%     3    9.0   9.0   9.0   9.1   0.0
 3. hc-c6r1.router.hinet.net          0.0%     3   10.3  10.7   9.0  13.0   2.0
 4. sczs-3201.hinet.net               0.0%     3   16.2  23.3   9.8  43.8  18.0
 5. TPDT-3011.hinet.net               0.0%     3   11.3  12.6  11.3  13.5   1.0
 6. r4103-s2.tp.hinet.net             0.0%     2   12.9  12.2  11.5  12.9   1.0
 7. r4103-s2.tp.hinet.net             0.0%     2   12.0  23.4  12.0  34.7  16.0
 8. xe-0-1-0-3-5.r00.osakjp02.jp.bb.  0.0%     2   48.0  54.8  48.0  61.6   9.6
 9. ae-5.r25.osakjp02.jp.bb.gin.ntt.  0.0%     2   47.6  50.8  47.6  54.0   4.5
10. ae-0.r20.sngpsi07.sg.bb.gin.ntt.  0.0%     2  117.4 114.2 110.9 117.4   4.6
11. ae-1.r01.sngpsi03.sg.bb.gin.ntt.  0.0%     2  106.7 107.4 106.7 108.1   0.0
12. ge-100-0-0-11.r01.sngpsi03.sg.ce  0.0%     2  116.8 114.4 112.0 116.8   3.3
13. dns.quad9.net                     0.0%     2  109.9 108.7 107.6 109.9   1.4

終端的節點在美國,所以速度比較慢是一定的啦。在多給他們一點時間吧。

沒有留言:

張貼留言