Since we're already scanning thousands of remote DNS resolvers as quickly as possible, the only way to speed it is to reduce the total number of resolvers scanned. Therefore, in summary, for following local firewall permissions should be provided:Ī:We would like the Benchmark's most time consuming operation, the scanning of thousands of possible resolvers to create a custom list, to take less time. So the Benchmark might also need to connect over TCP to remote port 443 (SSL). And if the user does build a custom list, the Benchmark will return statistics on the “top 200” resolvers found by the user, sending them back to GRC using an encrypted HTTPS SLL connection. This requires a connection using TCP protocol to remote port 80 (HTTP). Additionally, the benchmark may attempt to acquire GRC's current master list of publicly available resolvers in case the user hasn't yet built their own custom list. This includes the Benchmark's optional automatic or manual check for any newer version of itself, which is also performed through a DNS query. (And also note that those four would be the top four of the apparently faster seven when the list is sorted by fastest-first.)Ī:All of the Benchmark's DNS performance benchmarking is performed over UDP protocol to remote port 53 (DNS). Therefore, to answer the question posed above as an example: When the benchmark says that four resolvers are faster, even though the average performance of seven were faster, given the spread seen among the samples, we can only be at least 95% confident that four of those seven were repeatedly and reliably faster. In other words it says “ given the data we have seen, we can be 95% confident that the following is true.” It sets a confidence threshold of 95% for everything it concludes. The benchmark takes all this into account and uses this data to determine how sure it is able to be about any conclusions it draws. The larger the spread seen, the less certain we're able to be that the average of those samples will be highly representative of the resolver's repeatable behavior. It computes the “standard deviation” of the sample set to characterize the statistical spread seen within the set of samples obtained. The Benchmark carefully analyzes and develops a statistical model of each resolver. ![]() The good news is, “sampling theory” understands these things. ![]() We might get 20 or 60 if we happened to get 20 three times, or 60 three times. But what if we took three samples and received “20”, “40” and “60”? The average of these three is still 40, but we would be far less sure that if we took another three samples that we'd get an average of 40 again. In other words, if we were to take another three samples, from everything we've seen, we'd probably get 40 each time again, for another average of 40. If we took three samples, and each one was “40”, from everything we could tell we could be very confident that the average (which would be 40) would probably reflect the truth. But the question is: how certain are we that the average of those 50 samples is meaningful enough to draw a conclusion? In other words, if we were to take another 50 samples, how sure can we be that we'd get the same average? The benchmark takes 50 individual readings (samples) of each resolver's performance and displays the average of those 50 readings. For example, OpenDNS is notorious for doing this, but it can be turned off even with their completely free accounts.Ī:The confusion arises because the Benchmark tries very hard not to be “alarmist” and not to make dubious recommendations for changes that might not really be useful. So if you would like to use “ orange” resolvers, you might see whether there's a means for deactivating this behavior at the provider's end. Note also that this behavior has raised enough stir among annoyed users that ISPs and third-party providers who are doing this often provide some means for turning off this behavior for individual customers. Instead, such resolvers are configured to return the IP address of a web “intercept page” that some ISPs and third-party DNS providers use to generate advertising and marketing revenue from their users' domain name “typos.” If you're curious, you can give such resolvers a try by configuring your system to only use orange DNS resolvers, then deliberately mistype a domain name in your web browser and see how you feel about whatever it is that happens. ![]() ![]() A:The DNS Benchmark colors working DNS resolvers orange when they do not return DNS errors in response to queries for erroneous and non-existent domain names.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |