I was having somewhat painful DNS lookup fails (page unavailable / site unavailable errors) and very slow page loads (often waiting for Gravatar and such odd bits to load, indicating some DNS sloth as likely).
Wasn’t sure if it was the Chromebook or what, but figured as a sanitation measure to just swap from the default Telco DNS server to a bigger bolder one ought to answer the question of DNS Server Sloth.
Decided to swap over to some ad-blocking DNS servers in the process. Well…. That failed entirely. (I’ll skip the hour or two spent trying different ad-blocking DNS servers and ALL of them failing 100%) Eventually I got a clue that maybe, just maybe, it was the ad-blocking aspect. Put in Google DNS server (126.96.36.199 and 188.8.131.52) and everything worked Great! and Fast!
FWIW I despise Google on many levels. But when their product is “the right answer” I tend to use it anyway. Example is the Chromebook. I’m using it 100% and only for Blog Stuff. As that is all pretty much public anyway, not a lot of security / privacy worry about someone seeing what’s on the blog or that I go there. Similarly, for a “go to” always up always DDOS protected always good for debugging use, their DNS servers are very good. So I tend to use them “when all else fails” and I need to diagnose: is it, or is it not, the DNS server.
Well, it was the DNS Server. OK… But not just that the Telco server was bog slow and sporadically timing out. It was also the case that attempts to use an ad-blocking DNS server (a few of them actually) were being actively blocked by “somebody”… and that somebody is almost certainly the Telco. In this case, both T-Mobile and AT&T (via the Tracfone purchase of my Tracfone provider).
I’ve not done an exhaustive test of all this. Basically just got it all working and the rough outline identified. FWIW, I’m presently using a “malware blocking” DNS server (184.108.40.206) and it is working Just Fine. This leads me to believe that it is active blocking of the ad-blocking DNS servers, which implies the Telco is getting a kick-back from someone on ad serving. Perhaps just that, as these are cell phone hot spots, the much more rapid burn of the “hotspot GB” that comes with lots of ads.
Whatever. I’ll go down that rabbit hole later.
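A way to separate "the resolver is filtering" from "the query never got an answer", as an added example that is not from the original post: it sends one A-record query straight to a chosen resolver over UDP and classifies the reply. Treating 0.0.0.0 and 127.0.0.1 as sinkhole answers is an assumption about how a filtering resolver signals a block, and the function names are illustrative.

```python
import socket, struct, time

SINKHOLE = {"0.0.0.0", "127.0.0.1"}  # assumed block-page answers; adjust per resolver

def build_query(name, qid=0x1234):
    """Encode a minimal DNS query for an A record with recursion desired."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name that may end in a compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(msg):
    """Map a raw DNS response to (verdict, list of A-record addresses)."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    rcode, off, addrs = flags & 0x000F, 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    if rcode == 3:
        return "nxdomain", addrs               # resolver says the name does not exist
    if rcode != 0:
        return "error-rcode-%d" % rcode, addrs # e.g. 5 = REFUSED
    if addrs and all(a in SINKHOLE for a in addrs):
        return "sinkholed", addrs              # filtering resolver doing its job
    return ("answered" if addrs else "empty"), addrs

def probe(resolver, name, timeout=3.0):
    """Query one resolver over UDP port 53; returns (verdict, addrs, elapsed ms)."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (resolver, 53))
            verdict, addrs = classify(s.recvfrom(4096)[0])
        except socket.timeout:
            verdict, addrs = "timeout", []     # no reply at all: dead server or blocked path
    return verdict, addrs, round((time.monotonic() - start) * 1000)
```

Call it as `probe("192.0.2.53", "example.com")`, where the address is a documentation-range placeholder to be replaced with each resolver being compared. A run of "timeout" verdicts for filtering resolvers next to "answered" for an ordinary one points at the path rather than at the resolvers themselves.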
Next task will be to configure PiHole on the Pine64 and get it integrated with the hot spots into a unified LAN on my WiFi router. They can not block DNS lookups done by the PiHole and then the blacklist of sites comes as data inside an encrypted pipe, so hard to block that. And the escalation war goes on… but on another day. Today is a holiday, so BBQ and such takes precedence.
Some public DNS servers:
Alternate DNS offers an affordable, global Domain Name System (DNS) resolution service, that you can use to block unwanted ads.
Try it out:
Set your DNS to 220.127.116.11 (new / fastest!)
Secondary server 18.104.22.168
For ipv6 2602:fcbc::ad & 2602:fcbc:2::ad
If you want to block ads and trackers.
If you don’t want AdGuard DNS to block ads and trackers, or any other DNS requests.
Family protection servers
If you want to block adult content, enable safe search and safe mode options wherever possible, and also block ads and trackers.
I also got to use the Linux installed in a container on ChromeOS to do an nslookup and whois or two. Just a nice thing to have those tools available…
FWIW, the 22.214.171.124 server is a Cloudflare / APNIC server
You may be familiar with their 126.96.36.199 and 188.8.131.52 servers (reputed to not log nor sell your DNS lookups). They have also added a set for blocking malware and one for blocking porn too.
Two years ago CloudFlare launched a secure free fast DNS service 184.108.40.206 to help people surf more privately on the internet.
Today the company processes more than 200 billion DNS requests per day, making Cloudflare the second largest public DNS resolver in the world, behind only Google.
Now Cloudflare has expanded its free DNS service with what they call “220.127.116.11 for Families” :
18.104.22.168 – blocks known malware
22.214.171.124 – blocks malware and adult content
In the coming months, CloudFlare will provide the ability to define additional configuration settings for 126.96.36.199 for Families.
You choose whether you want to block malware and adult content or just malware depending on which IP address you configure:
Malware and Adult Content
Primary DNS: 188.8.131.52
Secondary DNS: 184.108.40.206
Malware Blocking Only
Primary DNS: 2606:4700:4700::1112
Secondary DNS: 2606:4700:4700::1002
Malware and Adult Content
Primary DNS: 2606:4700:4700::1113
Secondary DNS: 2606:4700:4700::1003
Let us know if you’re going to use services like this to protect your household.
There are a LOT of alternative / other DNS servers and perhaps some amount of Dig Here! would find some that ad-block and work with the Telco, but that will be for another day. I did find it interesting that, per this site, Yandex (Russia) has a DNS server offering too. Might provide a bypass for Russian sites if the GEBs decide to start blocking access to some Russian pages via DNS Buggery…
Additional DNS Servers

Here are several more public DNS servers from major providers.

More Free DNS Servers

Provider               Primary DNS       Secondary DNS
DNS.WATCH              220.127.116.11    18.104.22.168
Comodo Secure DNS      22.214.171.124    126.96.36.199
CenturyLink (Level3)   188.8.131.52      184.108.40.206
SafeDNS                220.127.116.11    18.104.22.168
OpenNIC                22.214.171.124    126.96.36.199
Dyn                    188.8.131.52      184.108.40.206
Yandex.DNS             220.127.116.11    18.104.22.168
Hurricane Electric     22.214.171.124
Neustar                126.96.36.199     188.8.131.52
Control D              184.108.40.206    220.127.116.11

Some of these providers have several DNS servers. Visit the link above and select a server that's geographically nearby for the optimal performance.
On “Another Day” when I’m feeling more like doing actual work, I’ll give Yandex a spin.
SO, ok, there you have it. Yet Another DNS Fail Bug / Issue resolved. It has generally been my experience that the Telco DNS is slower than others, even on land line installs; so not really a surprise it is more limited on the cell network.
For now I’m using Cloudflare. Later it will be PiHole (where I’ve done articles on it before). In between? A bit of hunt and peck off the lists.
If anyone has a preferred Ad Block DNS, feel free to give it a shout out.
Oh, and along the way was reminded that Chrome Browser will sometimes try to punt DNS lookups to Google at 18.104.22.168 regardless of your server setting in the system. While that’s not (yet) an issue for me, it would be “best practices” to block traffic to Google addresses in your boundary router IFF you are running a secure / private site.
By Default, ChromeOS and Chrome browser are designed to harvest your personal information. You can fight it, but it is an ongoing struggle.
So, with that, I’m off to other things. Back from the morning hot tub and pool, but 45 minutes until the BBQ at the pool starts ;-) Life in a vacation RV Park, keeps getting in the way of work 8-)
Just for fun, I’ve put Yandex in my DNS list right after 22.214.171.124, put in last place 126.96.36.199 (yes, blocks porn, but as I never go looking for porn I just don’t care, but normally don’t like someone else deciding what is and is not porn globally), and with Level 3 in 3rd place.
Nothing Telco nor Google. So far works well. We’ll see about longer term on this device.