Is your bad internet experience being caused by your ISP's underperforming DNS? Find out today

So you have finally signed up for that broadband and dedicated internet bandwidth that you ISP has been trying to sell you for the last one year and has been telling you all the nice things that dedicated bandwidth can do! you decided to bite the bullet and release that hard earned cash to experience that fast lane for internet, may be it started out so well on day one but the experience gets worse by the day and soon or later you can't even tell the difference between your old and new connection.

Well, there are other factors that affect internet speeds and trust me you can have a whole pipe of 100Mbps to yourself, but if your ISP's DNS (Domain Name Server) has issues, it will always have a direct impact to your internet experience. 

One of the major performance indicators (a.k.a KPIs) for DNS is the "DNS Response Time"; This is the time it takes (in milliseconds) for the DNS to resolve a requested domain (for example www.facebook.com) into it's corresponding IP (Internet Protocal) address (for example 157.240.7.35).

A slow, overloaded or unreliable DNS has a direct impact on customer's internet experience and noticeably slows down virtually all your internet use. Every ISP has their own DNS infrastructure that is closer to their end users (topology-wise), but this does not directly imply that it will be the fastest DNS in response time. There are many well known publicly available DNS alternatives, which by geo-location and topology-wise are far away from your access device but have better response times and today am going to show you how you can determine that and also optimize your connection.

"You can't optimize it until you can measure it"

Another important point is that your ISP DNS could be in the wrong order, with the secondary DNS performing faster than the primary DNS and this also matters because the requests will always be sent to the primary DNS first. so this article is for both the end user and you the ISP engineer. Am sure you don't want a customer to walk into your office and present to you a report of how publicly available DNS(s) are performing better than your DNS(s)! So you better measure it now and optimize it now.

DNS Benchmark is a freeware tool and you can download it HERE
This tool compares the performance of the ISP DNS with many well known publicly available alternatives. The tool then generates visual reports that compare your ISP DNS response time with other public DNS(s), these reports are easy to interpret and the DNS(s) are ranked according to response time. You don't need to be an expert or geek to use this tool, and you will find the "How tos?" on the download website.

See below a screen shot of the tool and sample report:

DNS Benchmark

DNS Benchmark Report

Based on the results and conclusions from the benchmark, you can determine if you should continue using the DNS(s) provided by your ISP (if they rank top) or if you should change to public DNS(s), that's if the public DNS(s) rank on top of your ISP DNS(s). And if the DNS settings for your connection can't be manually changed, you have the right to walk up to your ISP and challenge them, just make sure to save your benchmark reports.

Going forward, don't let a slow DNS ruin your internet experience. Have fun

Credits: Precision Freeware by Steve Gibson

What are bogon routes & why should they be a concern to ISP network admins?

What are bogon routes?

Bogons are martians (private and reserved addresses defined by RFC1918, RFC5735 and RFC 6598) and net blocks that have been allocated to a regional internet registry (RIR) by the internet assigned numbers authority (IANA).

A bogon prefix is a route that should never appear in the internet routing table therefore packets routed over the public internet with a source address in a bogon range should be discarded.

Why should bogon prefixes be a concern to ISP network administrators?

Bogons are used by malicious internet users and hackers to launch DDoS attacks and IP address spoofing. In fact, most of the frequently attacked sites, 60% of the naughty packets were obvious bogons.

What should you do as an ISP network administrator to guard your network against bogons?

You need to filter and reject or discard bogon routes at your BGP edge router so they don’t enter your routing table as valid destinations. Filtering should be done on both the ingress and egress direction because similarly you don’t want to advertise bogon prefixes to your upstream provider.

However, if you choose to filter bogons you need to have a plan to keep your filters update because these lists change every day especially the full bogon list which has significant changes every day.

You can find the full bogon IPv4 and IPv6 lists here.

Bogon filtering is good and a wise decision but you have to be committed to maintaining it every day, if you just download a full bogons list once and use it to filter at your BGP router without updating it, it will become out of date very quickly and you will end up blocking legitimate traffic.

A good idea is to peer with bogon route servers, it’s a free service and you can apply here. 

In this way, your bogon prefixes will be automatically updated. Any changes in the full bogon prefixes will immediately be reflected in your BGP router which saves you from what would otherwise be a rigorous daily routine of downloading and updating your full bogon lists.

Credits: TEAM CYMRU

I Can Ping But I Can Not Browse - What's wrong with my Internet?

Summary: 

For the biggest part that i have worked in the ISP industry, this is by far the most common complaint from the customers, so today i have decided to write a brief guide line on how to troubleshoot this problem from the client side and possibly resolve it yourself without having to engage the service provider.

Problem or Goal:

You can ping a public IP in the internet for example 4.2.2.2 but can't browse a website for example www.tagsaleuganda.com in your browser.

if you open your CMD terminal and run this test:
1. Ping any public IP, for example 4.2.2.2 you get replies, meaning your connectivity up to layer 3 (refer to the OSI model) is ok.

Opening CMD

Pinging a public IP returns replies, meaning connectivity is OK.

2. The challenge is when you ping a domain name for example; ping www.tagsaleuganda.com
Ideally this should also work if the domain is valid, it should be able to resolve the domain to an IP and you should be able to get replies on the CMD, that is for a good connection.

This is a good ping to a domain name and good DNS resolution of domain to IP

3. But for this case where a customer is able to ping the internet (in 1 above) but can't browse a page on the internet, usually the second test (2 above) will fail, you will get request timed out and the domain will fail to resolve into an IP.

Cause:

Most likely you have a DNS issue, check to make sure the DNS settings are properly configured in your router or PC. 

Solution:

Ask your service provider for the DNS settings, if the DNS is statically configured, make sure you have entered the right DNS IP.
If you don't know which DNS to use, you can configure your router or computer to use the public DNS(s), for example the google public DNS IP: 8.8.8.8

Problem Solved?

Yes

Thinking of parental control for your home internet? - I recommend OpenDNS

Yet another note to self.

Open DNS has a free account that you can use to filter content, block adult and gambling sites for your home internet or small office solution.

Click this link to read more about the setup guide. it's simple and easy to implement.

Use Open DNS to filter content to your home internet, block adult content and gambling sites