I have been using the default one from my ISP in my router. I did a dig at it and found the query time was 40 msec, 8.8.8.8 was 36 msec so not much in it. 1.1.1.1 was a long 100 msec and 208.67.222.222 (OpenDNS) only 20 msec.
I think I might use OpenDNS. They must have a presence near me (unlike CloudFlare).
Any reason not to use OpenDNS (they have been bought by Cisco since I last looked)? Any other favourite servers I should try?
Neth really should follow in the footsteps of its ancestor and be its own DNS resolver. Failing that, though, my pfSense router acts as a DNS resolver for my LAN.
Neth acts as a caching DNS server, and only properly “resolves” other hosts on the LAN. Anything it doesn’t know, it asks the one or two servers you give it. By contrast, a proper resolver doesn’t need to be told which DNS servers to use; it queries the roots and builds from there. This is how SME (Neth’s father) works, and how pfSense can work (and how I have it configured). I continue to be surprised that Neth removed this feature when they forked from SME.
Danb35 is quite correct in this sense. The Nethserver DNS (unbound?) works well enough for SOHO environments that don’t need more.
If the environment contains a mailserver (Not the Nethserver) or, even worse, more than one mailserver, there is NO possibility to add in MX Records. You can’t even add in an Alias. The “Alias” in Nethserver is ONLY for Server aliases.
If I manually add in an alias, example:
myserver.domain.tld = 192.168.20.30
is the server’s FQDN (Not the NethServer!)
and I’d like that server to be reachable with
myalias.domain.tld, then the only option I have is to make a second entry like
myalias.domain.tld = 192.168.20.30
Now, this works, BUT:
The reverse DNS (PTR) now points 192.168.20.30 to myalias.domain.tld instead of the correct myserver.domain.tld.
Also no UI for adding in TXT, SVC or other stuff besides using a custom template.
I love NethServer, but there should be an Option to choose a simple repeater like Unbound-DNS or a full blown BIND or some other DNS.
Sure, there are a few things which are VERY simple in Unbound:
Say blocking access to Facebook or whatever:
Make an entry like *.facebook.com = 127.0.0.1 - that simple!
Two years back, one of my clients had the only working UPC Internet Cable connection, as none of the other clients had an internal DNS (mine did, a full BIND without any need for provider DNS…). The complete DNS Services of UPC in Switzerland were down, but the Network was working…
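The alias/PTR problem described in the post above can be checked for mechanically. The following is an added example, not part of the thread and not NethServer code: it audits a constructed list of host entries for IPs whose derived PTR no longer returns the intended FQDN. It assumes the resolver derives one PTR per IP and that the most recently added entry wins, as the post reports; `audit_ptr` and the `printer` entry are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed host entries in the order they were added (name, IPv4 address),
# mirroring the post: the real FQDN first, the "alias" as a second A record.
ENTRIES = [
    ("myserver.domain.tld", "192.168.20.30"),
    ("myalias.domain.tld", "192.168.20.30"),
    ("printer.domain.tld", "192.168.20.40"),  # constructed, single-name host
]


def audit_ptr(entries, canonical):
    """Return {ip: report} for every IP whose derived PTR is not its canonical name.

    Assumption: one PTR per IP is derived from the host entries and the most
    recently added entry wins, matching the behaviour described in the post.
    `canonical` maps ip -> the name the PTR should return; if an IP is not
    listed, the first name entered for it is treated as canonical.
    """
    names = defaultdict(list)
    for name, ip in entries:
        # Normalise the address and the name (case, trailing dot).
        names[str(ipaddress.ip_address(ip))].append(name.lower().rstrip("."))

    findings = {}
    for ip, hosts in names.items():
        served = hosts[-1]                    # last entry wins (assumed)
        wanted = canonical.get(ip, hosts[0])
        if served != wanted:
            findings[ip] = {
                # Owner name of the PTR record, e.g. 30.20.168.192.in-addr.arpa
                "ptr_name": ipaddress.ip_address(ip).reverse_pointer,
                "served": served,
                "wanted": wanted,
                "all_names": hosts,
            }
    return findings


if __name__ == "__main__":
    report = audit_ptr(ENTRIES, {"192.168.20.30": "myserver.domain.tld"})
    for ip, f in report.items():
        print(f"{f['ptr_name']} PTR {f['served']}. (expected {f['wanted']}.)")
```
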