看到新聞:「IBM宣布推出免費DNS轉址服務 Quad9,只要將DNS伺服器設為9.9.9.9 即可阻擋惡意網站」,聽起來頗有趣的,所以玩了一下。
我這邊比較偏重 DNS 回應速度,自家機器在中華電信的線路上,先用 168.95.1.1 來看回應速度:
johnroyer@box:~$ ping -c 5 168.95.1.1
PING 168.95.1.1 (168.95.1.1) 56(84) bytes of data.
64 bytes from 168.95.1.1: icmp_seq=1 ttl=247 time=11.5 ms
64 bytes from 168.95.1.1: icmp_seq=2 ttl=247 time=11.8 ms
64 bytes from 168.95.1.1: icmp_seq=3 ttl=247 time=11.9 ms
64 bytes from 168.95.1.1: icmp_seq=4 ttl=247 time=10.5 ms
64 bytes from 168.95.1.1: icmp_seq=5 ttl=247 time=10.3 ms
--- 168.95.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4008ms
rtt min/avg/max/mdev = 10.377/11.248/11.921/0.664 ms
再來看看 Google DNS 8.8.8.8:
johnroyer@box:~$ ping -c 5 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=26.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=57 time=28.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=57 time=22.0 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=57 time=15.7 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=57 time=33.0 ms
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4008ms
rtt min/avg/max/mdev = 15.702/25.163/33.086/5.935 ms最後看一下 9.9.9.9 的回應速度:
johnroyer@box:~$ ping -c 5 9.9.9.9
PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
64 bytes from 9.9.9.9: icmp_seq=1 ttl=52 time=108 ms
64 bytes from 9.9.9.9: icmp_seq=2 ttl=52 time=107 ms
64 bytes from 9.9.9.9: icmp_seq=3 ttl=52 time=108 ms
64 bytes from 9.9.9.9: icmp_seq=4 ttl=52 time=113 ms
64 bytes from 9.9.9.9: icmp_seq=5 ttl=52 time=108 ms
--- 9.9.9.9 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4007ms
rtt min/avg/max/mdev = 107.934/109.402/113.095/1.905 ms目前 9.9.9.9 的回應速度還差了一個數量級,所以如果瀏覽器開一個結構比較複雜的網頁,說不定開啟速度會慢到一秒。然後我比較希望有病毒樣本,所以不希望那麼安全的 DNS (拖走)
另外,速度比較慢的原因可能是網路節點問題。用 mtr 掃了一下 route:
My traceroute [v0.85]
box (0.0.0.0) Tue Nov 21 14:51:00 2017
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 192.168.0.1 0.0% 4 0.5 0.9 0.4 1.8 0.0
2. h254.s98.ts.hinet.net 0.0% 4 9.1 9.7 9.1 11.0 0.6
3. hc-c6r1.router.hinet.net 0.0% 4 8.7 9.2 8.7 9.8 0.0
4. sczs-3202.hinet.net 0.0% 4 8.6 11.9 8.6 20.4 5.7
5. TPDT-3012.hinet.net 0.0% 3 13.0 13.6 13.0 14.7 0.7
6. 220-128-14-90.HINET-IP.hinet.net 0.0% 3 11.2 23.0 11.2 46.7 20.5
7. pcpd-3212.hinet.net 0.0% 3 10.9 11.3 10.9 11.8 0.0
8. pcpd-3211.hinet.net 0.0% 3 11.7 13.4 10.5 18.0 4.0
9. 72.14.202.178 0.0% 3 10.3 11.2 10.3 12.0 0.7
10. 108.170.244.129 0.0% 3 12.4 11.6 10.9 12.4 0.0
11. 72.14.238.189 0.0% 3 11.1 13.2 11.1 16.2 2.6
12. google-public-dns-a.google.com 0.0% 3 11.2 11.6 11.2 11.9 0.08.8.8.8 其實沒有連到國外,Google 在台灣國內就有 DNS 節點。
同樣方法看一下 9.9.9.9 的 route:
My traceroute [v0.85]
box (0.0.0.0) Tue Nov 21 14:52:53 2017
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 192.168.0.1 0.0% 3 0.4 1.0 0.4 2.1 0.7
2. h254.s98.ts.hinet.net 0.0% 3 9.0 9.0 9.0 9.1 0.0
3. hc-c6r1.router.hinet.net 0.0% 3 10.3 10.7 9.0 13.0 2.0
4. sczs-3201.hinet.net 0.0% 3 16.2 23.3 9.8 43.8 18.0
5. TPDT-3011.hinet.net 0.0% 3 11.3 12.6 11.3 13.5 1.0
6. r4103-s2.tp.hinet.net 0.0% 2 12.9 12.2 11.5 12.9 1.0
7. r4103-s2.tp.hinet.net 0.0% 2 12.0 23.4 12.0 34.7 16.0
8. xe-0-1-0-3-5.r00.osakjp02.jp.bb. 0.0% 2 48.0 54.8 48.0 61.6 9.6
9. ae-5.r25.osakjp02.jp.bb.gin.ntt. 0.0% 2 47.6 50.8 47.6 54.0 4.5
10. ae-0.r20.sngpsi07.sg.bb.gin.ntt. 0.0% 2 117.4 114.2 110.9 117.4 4.6
11. ae-1.r01.sngpsi03.sg.bb.gin.ntt. 0.0% 2 106.7 107.4 106.7 108.1 0.0
12. ge-100-0-0-11.r01.sngpsi03.sg.ce 0.0% 2 116.8 114.4 112.0 116.8 3.3
13. dns.quad9.net 0.0% 2 109.9 108.7 107.6 109.9 1.4終端的節點在美國,所以速度比較慢是一定的啦。在多給他們一點時間吧。