The DNS Benchmark Solution

[Maxxwire]

I had been having trouble for a week accessing 3 different sites that I use on a daily basis. So I began to do some research an I came across the freeware GRC DNS Benchmark Program. This amazingly very compact 175 KB program is written in assembly language and works without having to install it on your computer aka a Portable Application.

 

http://i468.photobucket.com/albums/rr44/Maxxwire_Photos/Album%202/DNSBench.png

 

When I used DNS Benchmark I finally discovered what was causing the problem I was having. DNS Benchmark showed me that one of my IP's DNS locations was down and they were diverting services to one of their DNS locations in Denver, Co which benchmarked a low 22nd fastest. The program also showed the IP's local DNS location which it noemally uses is now in testing mode and ranks 2nd fastest next to my IP's other local DNS.

 

Having this DNS Benchmark tool allowed me to immediately start using the fastest alternate pair of DNS Server addresses available and the problem I was having was solved instantly.

 

The DNS Benchmark is amazingly capable for a 175 KB program in that it can do a detailed diagnostic on your current Domain Name Servers and render a security rating on all of the remote Domain Name Servers that are being used. I was shocked to find out that there are a total 39 primary Domain Name Servers that can be used by my computer and this program renders a multifaceted security rating on each one of them along with a graphical representation of the performance of each DNS location.

 

Under Conclusions the program gives an honest very detailed analysis of your DNS security which is several screens in length and covers a long list of criteria which I found very helpful in troubleshooting this area of computer security.

 

~Maxx~

[firzen771]

interesting app, im gunna give it a try.

[enoskype]

Thanks Maxxwire, I found it very useful.

 

Cheers.

[atailor1]

Dns

 

Hi All,

 

Maxx, found your post to be of interest and would like to offer an option if I could. Suggest you and others give Open DNS a try. I have used it for about two years now and has been a great find. They have a free version and has always worked great for me.

 

 

http://www.opendns.com/

 

A.T.

[Maxxwire]

atailor1- Thank you for your well considered and positive experience based input, but the purpose of this thread goes far beyond any of our own personal recommendations and elevates the decision making level to that of using this DNS Benchmark evaluation tool to present the individual with copious amounts of detailed information that can be used to to evaluate which are the optimal Domain Name Server addresses to be used based on the speed test and security rating results of this very accurate test done right from the users computer on their own internet connection from whatever part of the world they might live in.

 

Have you used the free DNS Benchmark Program to asses the performance and security profile of Open DNS from your computer yet? I guarantee you that you will gain a wealth of very valuable and detailed information about their service if you do!

 

~Maxx~

[Maxxwire]

I've been using the DNS Benchmark tool to keep track of how Comcast is coming along with repairing their alternate DNS Server in our area, but they are still using the one in Denver for a backup and it benchmarks very slow from here.

 

~Maxx~

[atailor1]

DNS Benchmark

 

Hi Maxx,

 

Dropping by to let you know that I have been running DNS Benchmark for the last two days, and agree that it is a handy little tool to have in the box. My Open DNS doesn't rate the highest but does give good results as far as security, etc. My thanks for providing an excellent application, that will get good use over time.

 

A.T.

[Maxxwire]

A.T.- After hearing you talk of Open DNS I decided to reset my DNS Server settings and give Open DNS a try. As you mentioned it was a little slower than some, but only a few % slower overall than the fastest DNS Servers that I have tried since I got the DNS Benchmark tool and I can fully understand why the enhanced security of Open DNS would be well worth a few seconds worth of trade-offs here and there.

 

http://i468.photobucket.com/albums/rr44/Maxxwire_Photos/Album%202/OpenDNS.png

 

Somehow another Open DNS server got between the 2 standard Open DNS addresses that I was using at the time of the benchmark. If Comcast had such uniform performance among their DNS Servers I might go back to using them but as it is their top 2 DNS Servers test from 1st all the way down to 22nd place in the DNS Benchmark.

 

~Maxx~

[CalleJ]

Modifying the list of domains

 

According to GRC's website they use the top 50 domains (and I thingg they mean .com) in their test, they also write that you can change this - but they don't say how. Has anyone discovered how this works? Since I live in Sweden I would like to run this test with european domains and not just .com.

[Maxxwire]

CalleJ- You can replace the Domains List in the DNS Benchmark program just go to Nameservers> Add/Remove...

 

"The built-in top-50 domains list is er-replaceable to allow more or less accurate (and statistically significant) operation, and for support of DNSSEC record authentication. (More domains takes longer to run.)

 

.INI files containing sets and subsets of nameservers to benchmark can be added, removed, and saved."

 

~Maxx~

[danburrito]

From http://grc.com:

Special “dnsbench.ini” is auto-loaded, if present, to always override built-in nameserver list.

(This supports the use of customizable personal nameserver lists for special applications.)

[CalleJ]

Found it

 

It's not the nameserver list I want to change - I have already done that, it's the domains used to test the nameservers.

But I found out how by reading the version history - when you start the program you can set som switches -"/domain filename" replaces the built-in list with what you have in your file .

Unfortunately there is no way to see if the list was accepted, I cant see any statistics for how fast a nameserver is for a certain domain name.

[garybear]

Hi Maxx

 

Hi Maxx. I have not one clue about this. It said it don't get any better than this ---very nice. I guess I'm in good shape??????????

[Maxxwire]

garybear- The advantage that using 64.250.192.64 and 64.250.192.65 have is geographical in that they are located right there in Oklahoma City and like GRC says if they are returning every DNS request you make then it doesn't get any better than that.

 

~Maxx~

[garybear]

Hi danburrito

 

From http://grc.com:

 

OK Friend. What do I do now??? I'm using Windows Firewall. I don't think I'll lose much sleep over one test for now. Looks like for the most part I'm doing pretty good. The way I read it is Windows Firewall isn't letting any thing in, just out. I have nothing to let out on my PC so I'm not concerned at this moment unless you can convince me other wise. ---garybear

[garybear]

Hi friends!!

 

Ok. I'm bumping this up Chew me out but way won't some one answer me??---http://forums.iobit.com/showpost.php?p=33819&postcount=15

[Maxxwire]

OK Friend. What do I do now??? I'm using Windows Firewall. I don't think I'll lose much sleep over one test for now. Looks like for the most part I'm doing pretty good. The way I read it is Windows Firewall isn't letting any thing in, just out. I have nothing to let out on my PC so I'm not concerned at this moment unless you can convince me other wise. ---garybear

 

garybear- I apologize for not replying earlier, but I thought your question was for danburrito when I saw it just before going to bed last night. You're right, Windows firewall is good at keeping things out and passes the Shields Up Test just fine. You would be surprised at how many programs set themselves up to access the internet at any time they like. For example I have WMP completely blocked from accessing the internet because it was doing it every time it was used. ASC 3 will also access the internet every time it is opened so in my Firewall I set these programs to ask permission before they access the internet.

 

Don't get me wrong, there is no harm in WMP or ASC 3 accessing the internet on their own its just that I like to be the one who decides on accessability, but there are some other programs that I place the same restriction on because I have no idea why they should be accessing the internet every time they run.

 

~Maxx~

[garybear]

Hi friend!!!

 

garybear- I apologize for not replying earlier, but I thought your question was for danburrito when I saw it just before going to bed last night. You're right, Windows firewall is good at keeping things out and passes the Shields Up Test just fine. You would be surprised at how many programs set themselves up to access the internet at any time they like. For example I have WMP completely blocked from accessing the internet because it was doing it every time it was used. ASC 3 will also access the internet every time it is opened so in my Firewall I set these programs to ask permission before they access the internet.

 

Don't get me wrong, there is no harm in WMP or ASC 3 accessing the internet on their own its just that I like to be the one who decides on accessability, but there are some other programs that I place the same restriction on because I have no idea why they should be accessing the internet every time they run.

 

~Maxx~

Hi Maxx. I have some screen shots that I think you are talking about as far as WMP trying to access the internet. I may have to make two posts to get them all in. You will see I think that WMP is being blocked. I clicked on WMP 4 times. The results are in my screen prints.. I did not see any thing when I clicked on ASC3. Just know that port 135 is blocked and safe. Sorry I don't have the knowledge to talk computer talk, but I try real hard. Love you man.---garybear

[garybear]

Hi Maxx!!

 

Hi Maxx. This is what my event viewer is telling me after clicking on WMP 4 times. I always wondered what DCOM error was and now I think I know or maybe I don't know. I just know every time I access Windows Player I get this DCOM error. Some thing didn't connect and I think that's good. What do you think???

[Maxxwire]

garybear- Is there a Windows XP Firewall log that you can access and check all outbound traffic?

 

~Maxx~

[garybear]

Hi Maxx

 

garybear- Is there a Windows XP Firewall log that you can access and check all outbound traffic?

 

~Maxx~

 

Hi friend. I do not have a clue where to find that, but will give it a shot and hope our aces can help me find it.This is all my logs. Which one is it???

[Maxxwire]

garybear- I found this about enabling logging in Windows Firewall from...

 

http://ecross.mvps.org/howto/pfirewall.htm

 

The Windows Firewall log allows advanced users to collect and identify inbound traffic. You can log dropped packets and successful connections. Security logging does not need to be enabled for Windows Firewall to function. Because security logging is considered an advanced option, it is not enabled by default. To enable logging, follow these steps:

 

Click Start, Run, and type firewall.cpl, and then click Ok.

Click the Advanced tab.

 

Under Security Logging, click the Settings button.

 

In the Log Settings, click to select the Log dropped packets and Log successful connections checkboxes, and then click Ok.

Click Ok to close the Windows Firewall.

 

It doesn't look like it logs outbound traffic though. I'll keep checking...

 

~Maxx~

[garybear]

garybear- I found this about enabling logging in Windows Firewall from...

 

http://ecross.mvps.org/howto/pfirewall.htm

 

The Windows Firewall log allows advanced users to collect and identify inbound traffic. You can log dropped packets and successful connections. Security logging does not need to be enabled for Windows Firewall to function. Because security logging is considered an advanced option, it is not enabled by default. To enable logging, follow these steps:

 

Click Start, Run, and type firewall.cpl, and then click Ok.

Click the Advanced tab.

 

Under Security Logging, click the Settings button.

 

In the Log Settings, click to select the Log dropped packets and Log successful connections checkboxes, and then click Ok.

Click Ok to close the Windows Firewall.

 

It doesn't look like it logs outbound traffic though. I'll keep checking...

 

~Maxx~

Hi friend. I now have a log which tells this big dummy nothing.

[Maxxwire]

garybear- While the incoming traffic log is confusing it looks as though MS made it very difficult to change the default allow settings of the outbound traffic...

 

"Windows Firewall does not interfere with services commonly required for systems to join networks, e.g., DNS, DHCP, and domain controller access. Windows Firewall only handles incoming traffic policy. XP's default outbound traffic policy, allow any outbound traffic, does not change when you install SP2.

 

Leaving the default configuration of an XP system unprotected from many spyware applications, back channels, and trojans is one of several "missed opportunities" for Microsoft. By comparison, third-party personal firewall software like Zone Alarm, Tiny PFW, and Kerio begin with deny all outbound traffic. Access to IP Security Policies isn't available from Windows Security Center, the control panel Microsoft offers as a way to manage your Windows security settings. To modify outbound traffic handling policy you must configure Internet Protocol security (IPSec) policies, which is a difficult configuration task for non-technical users. By making outbound policy configuration this challenging, Microsoft has all but assured that relatively few users will modify the defaults."

 

It is too bad that MS purposely made it so difficult for the user to control outbound traffic. With the Comodo firewall that I use as well as many other 3rd party firewalls you can very make any configuration for any program that you like in a very simple GUI...

 

http://usera.ImageCave.com/MaxxPix/Firewall%20Configurations.jpg

 

~Maxx~

[garybear]

Windows Firewall does not interfere with services commonly required for systems to join networks, e.g., DNS, DHCP, and domain controller access. Windows Firewall only handles incoming traffic policy. XP's default outbound traffic policy, allow any outbound traffic, does not change when you install SP2.

 

Leaving the default configuration of an XP system unprotected from many spyware applications, back channels, and trojans is one of several "missed opportunities" for Microsoft. By comparison, third-party personal firewall software like Zone Alarm, Tiny PFW, and Kerio begin with deny all outbound traffic. Access to IP Security Policies isn't available from Windows Security Center, the control panel Microsoft offers as a way to manage your Windows security settings. To modify outbound traffic handling policy you must configure Internet Protocol security (IPSec) policies, which is a difficult configuration task for non-technical users. By making outbound policy configuration this challenging, Microsoft has all but assured that relatively few users will modify the defaults.

 

garybear- It is too bad that MS made it so difficult for the user to control outbound traffic. With the Comodo firewall that I use as well as many other 3rd party firewalls you can make any configuration for any program that you like...

 

http://usera.ImageCave.com/MaxxPix/Firewall%20Configurations.jpg

 

~Maxx~

Hi friend. Thank you a whole bunch for your time and knowledge. I think you are above my pay grade. I might try your Comodo firewall. I will need your help. Its 3:48 in the morning here and I;m headed for bed. Thank you so much my friend.---gary