DNS problems this morning - CORRECTION

Tim ignored_mailbox at yahoo.com.au
Mon Nov 12 10:59:19 UTC 2012


Reindl Harald:
> > maybe you have a crappy ISP which blocks DNS if it is
> > not their own one - let me guess: USA, here in Europe
> > it is absolutely no problem to setup a dns-server which
> > does recursion and never touches any ISP crap, some
> > providers think they know better what their users need


Bob Goodwin:
> Yes but even then that should not prevent me from using my own
> nameserver?

No, but...

Nothing the ISP does can prevent you from using your DNS servers.  Such
activity is within your LAN.  However, your ISP can prevent your DNS
server from working properly, and you end up with no improvement.

Describing fully working networking, in a nutshell:

You try to browse a page on google.com, your browser asks your TCP/IP
stack for the IP to connect to google.com.  Which, usually, first looks
in your /etc/hosts file, then, if there was no answer, asks one of the
DNS servers listed in your /etc/resolv.conf file.  If that DNS server
has an answer, it tells you it.  But if it doesn't have an answer, it
asks another external DNS server for .com to tell it which name server
has records for google.com, then it asks that name server the IP for
google.com, and that information gets relayed back through all of the
DNS servers back to you.  They cache that information for a while, so
that the next person asking for the IP for google.com gets the locally
cached information, instead of going through the whole chain.

But, if the name server replies back with "there is no answer," that's
the end of the query.  Your attempt to find an IP for google.com is
completely aborted.

Alternatively, if the first DNS server you query doesn't respond, at
all, to any queries, the next DNS server will be queried, instead.  And
the whole sequence of events is gone through.  NB:  The prior paragraph
mentions a major gotcha:  If the first server gives an answer, even if
the answer is "I dunno," that's the end of it.

Now, the curly thing is which server is asked when you have several
listed in /etc/resolv.conf.  Traditionally, one would have queried the
first on the list, then the second on the list, then the third, if any
of the prior ones just didn't respond.  Then, the next query will try
the first server, first, then the second server next, then the third
server, last.  Ad infinitum.

However, some TCP/IP stacks don't work that way.  Some will try the
first name server, and then the next, and then the next.  And will do
all future enquiries with the server that actually responded, until such
time that server doesn't respond.  Then it'll try to ask a different
one.  Some will randomly ask any server on the list.  I don't know which
technique Fedora's networking software will use, I've never bothered to
test this.

-----------

Now, describing a bad ISP.

You try to browse google.com, your network asks your DNS server for the
IP for google, and if it doesn't know, it'll try to do the right thing
and find the answer from the .com DNS server, but your ISP intercepts
the query, and handles it all by itself.

If their DNS server answers okay, then no real problem.  But if their
DNS server sucks, you're screwed.  You can't bypass it.

> I always used other dns servers, recently opendns, until March when
> this high speed satellite service became available and eventually I
> found that it was not using my opendns but its own! And as you say
> it's crappy

Was it you that we had this discussion with before?  I can never
remember who's doing what in threads, especially old or long-lasting
ones.

-- 
[tim at localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point
trying to privately email me, I will only read messages posted to the
public lists.
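
The answer-versus-silence behaviour described in the message above, as an added example that is not part of the original post: a simulated stub resolver that fails over only when a server stays silent, plus the "stick with whoever responded" variant. The servers, records and all function and class names are constructed for illustration, and nothing touches the network.

```python
# Simulated stub resolver: constructed servers and records, no network access.
TIMEOUT, NXDOMAIN = "timeout", "nxdomain"

def make_server(records=None, responds=True):
    """Return a fake name server: a callable mapping a name to a reply."""
    records = records or {}
    def query(name):
        if not responds:
            return TIMEOUT                   # server never answers at all
        return records.get(name, NXDOMAIN)   # answers: an IP, or "no such name"
    return query

def resolve(name, servers, start=0):
    """Ask servers in list order from index `start`, wrapping around.

    Only silence moves the lookup on to the next server. Any reply,
    including NXDOMAIN, ends it. Returns (reply, index_of_responder).
    """
    for offset in range(len(servers)):
        idx = (start + offset) % len(servers)
        reply = servers[idx](name)
        if reply != TIMEOUT:
            return reply, idx
    return TIMEOUT, None

class StickyResolver:
    """Variant that keeps using whichever server last responded."""
    def __init__(self, servers):
        self.servers = servers
        self.current = 0
    def lookup(self, name):
        reply, idx = resolve(name, self.servers, self.current)
        if idx is not None:
            self.current = idx               # stay with the responder
        return reply

# Constructed sample data (192.0.2.0/24 is a documentation address range).
GOOD = {"google.com": "192.0.2.10"}
dead = make_server(responds=False)           # listed, but never replies
broken = make_server()                       # replies, but knows no names
working = make_server(GOOD)

if __name__ == "__main__":
    print(resolve("google.com", [dead, working]))    # silence: next server is asked
    print(resolve("google.com", [broken, working]))  # "I dunno": lookup ends here
```

Listing a good server second does not help when the first one replies with a negative answer, which is why an intercepting resolver that answers badly cannot be worked around by adding more entries to /etc/resolv.conf.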




