How to Improve Network Experience with a Self-hosted DNS Service
Network Quality and Network Experience
Do nothing, and you can get the best network experience
Network quality and network experience are two different things. Communication involves several devices and links. The uplink and downlink performance of a single device or link is what we call network quality; the performance of the whole end-to-end communication, as the user actually perceives it, is what we call network experience.
How to Measure Network Quality
Measuring network quality typically involves multiple metrics and methods. Here are some common methods and metrics for measuring network quality:
- Bandwidth: Bandwidth refers to the network’s capacity to transmit data, usually measured in the amount of data transmitted per second (bits per second). Higher bandwidth generally indicates better network quality.
- Latency: Latency is the time it takes for data to travel from the sender to the receiver. Low latency means fast data transmission and quicker network response.
- Packet Loss Rate: The packet loss rate is the proportion of data packets lost during transmission. A lower packet loss rate usually means better network quality.
- Jitter: Jitter refers to the variation or fluctuation in the arrival of data packets during transmission. Smaller jitter indicates higher network stability.
- Throughput: Throughput is the actual amount of data transmitted over the network, typically measured by the amount of data transferred per unit of time. Higher throughput indicates better network quality.
- Network Topology: Network topology describes the connection methods and structure between nodes in a network. A well-designed network topology can improve network performance and quality.
- Quality of Service (QoS): QoS is a set of technologies and mechanisms used to ensure acceptable service quality for data transmission over a network. QoS can be implemented in various ways, including traffic control and priority queuing.
- Protocol Analysis: By analyzing network protocols and packets, one can understand performance metrics and issues in the network, for example, using network analysis tools like Wireshark.
Taken together, these metrics and methods give a full picture of network quality and show where performance is strong and where it can be improved. However, these are the metrics an ISP cares about. For an ordinary user, buying a reasonably priced router is enough: modern consumer routers already apply QoS and similar tuning automatically.
How to Measure Network Experience
First and foremost is accessibility. Being able to reach the service at all is the foundation of everything else, so the domain name resolution service must meet three basic requirements:
- Comprehensive: the upstream resolver must be reliable and able to resolve as many domain names as possible. (This article, like most Chinese-language material, calls the big public resolvers "authoritative"; strictly speaking they are public recursive resolvers, while an authoritative server is the one that hosts a domain's zone.)
- Correct: the answers must be correct, with no wrong records. Some DNS providers hijack or pollute certain domain names and resolve them to advertising pages.
- Timely: after a record's IP address changes, the resolver must return the new address once the record's TTL expires, rather than keep serving a stale cached answer.
Second is the network quality that the IP resolved by the DNS can provide.
The network quality that an internet service can provide is usually strongly dependent on geography. The closer the server and client are geographically, the better the service quality.
Many paid authoritative DNS providers support returning different IPs depending on where the query comes from. For example, here is part of what Alibaba Cloud DNS offers:
- ISP lines: intelligent resolution by China Unicom, China Telecom, China Mobile, CERNET, Dr. Peng and Broadcast Network, subdivided by province
- Overseas region lines: subdivided by continent and country
- Alibaba Cloud lines: subdivided by Alibaba Cloud region
- Custom lines: intelligent resolution for custom IP address ranges

Resolving different IPs by region means that users in different regions get different answers for the same domain name, and an answer pointing at a server close to the user naturally gives a better network experience.
The authoritative server picks the answer from the source address of the query it sees, which is the address of the recursive resolver (or the client subnet the resolver forwards in the EDNS Client Subnet option), not the user's own address. When you use your ISP's resolver, that address sits in the same region as you, so the service provider's geo-resolution works in your favour without any effort on your part. That is, for most users: do nothing, and you get the best network experience.
How to Choose Upstream DNS Services for a Self-hosted DNS Service
All the material you find by searching the Chinese internet will recommend the big public resolvers, such as Alibaba Cloud, Tencent Cloud, Cloudflare and Google. These resolvers satisfy the accessibility requirements because they are comprehensive, correct and timely. However, they do not necessarily resolve to the server nearest to you: the authoritative server sees the public resolver's egress address rather than yours, unless the resolver forwards EDNS Client Subnet (Cloudflare's 1.1.1.1 deliberately does not, for privacy reasons).
There is a large amount of material on the internet recommending the DNS services of large enterprises for historical reasons.
In the past, ISPs in China could hijack traffic and inject advertisements simply by combining DNS hijacking with an HTTP man-in-the-middle. With HTTPS now widespread this kind of hijacking is relatively rare, but some local community broadband services still have the problem. Merely changing the resolver IP does not help against DNS hijacking, because the interception is transparent: equipment on the path can answer any packet sent to port 53, whatever its destination address, and the vast majority of DNS queries are unencrypted.
Furthermore, some special users want to reach special websites, but some resolvers suffer from DNS pollution: they return wrong IP addresses for those domain names, making the sites unreachable. The big public resolvers rarely have this problem.
Therefore, there are three issues to consider here:
- DNS pollution (wrong answers served by the resolver itself)
- DNS hijacking (interception of plaintext queries on the path)
- Optimal service experience (answers that point at a server near the user)
Reputable public resolvers solve problem 1, and encrypted transports (DoT/DoH/DoQ) solve problem 2, because a port-53 interceptor never sees those queries. One caveat: the hostname of the DoT/DoH server itself still has to be resolved once, so that bootstrap lookup must go to a resolver addressed by IP rather than through the interceptable path.
To solve problem 3, you have to fall back on your ISP's default resolver: as noted at the beginning of this article, do nothing, and you get the best network experience.
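Before trusting an upstream, the three problems above can be checked directly. The following Python example is added here and is not code from the original article, AdguardHome or Clash. It builds raw DNS queries with the standard library, sends the same question in plaintext over port 53 and over DoH, and compares the two answers: a disjoint answer set, or an A record where the encrypted path says NXDOMAIN, is the signature of an interceptor or a polluting resolver. It also shows the EDNS Client Subnet option that lets a far-away resolver still fetch a nearby answer, and a decoy test for transparent port-53 interception. The resolver addresses are the ones used elsewhere in this article, `sample_response` produces constructed offline test data, and the `decoy_ip` you pass to `port53_intercepted` must be an address of your own that runs no resolver (an assumption, not something the article specifies).

```python
import ipaddress
import socket
import struct
import urllib.request

def build_query(name, qtype=1, client_subnet=None, txid=0x1234):
    # RFC 1035 wire-format query with RD set. If client_subnet is given, an
    # EDNS0 OPT record carrying EDNS Client Subnet (option 8, RFC 7871) is
    # appended so the authoritative server can pick a nearby answer even when
    # the recursive resolver itself is far from the user.
    packet = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 1 if client_subnet else 0)
    for label in name.rstrip(".").split("."):
        packet += struct.pack("B", len(label)) + label.encode("ascii")
    packet += b"\x00" + struct.pack(">HH", qtype, 1)
    if client_subnet:
        net = ipaddress.ip_network(client_subnet, strict=False)
        addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
        ecs = struct.pack(">HBB", 1 if net.version == 4 else 2, net.prefixlen, 0) + addr
        rdata = struct.pack(">HH", 8, len(ecs)) + ecs
        # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL 0, RDLENGTH
        packet += b"\x00" + struct.pack(">HHIH", 41, 4096, 0, len(rdata)) + rdata
    return packet

def _read_name(data, off):
    # Decode a possibly compressed name; return (name, offset just past it).
    labels, end = [], None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:           # compression pointer
            end = off + 2 if end is None else end
            off = struct.unpack(">H", data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels), end if end is not None else off

def parse_answers(data):
    # Return (rcode, [A/AAAA addresses]); CNAME and other types are skipped.
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    off, addrs = 12, []
    for _ in range(qdcount):
        off = _read_name(data, off)[1] + 4      # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = _read_name(data, off)[1]
        rtype, _, _, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        if rtype in (1, 28):
            addrs.append(str(ipaddress.ip_address(data[off:off + rdlen])))
        off += rdlen
    return flags & 0x000F, addrs

def query_udp(server, name, port=53, timeout=2.0, **kw):
    # Plaintext DNS over UDP: exactly what an on-path interceptor can answer.
    query = build_query(name, **kw)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, port))
        data = sock.recvfrom(4096)[0]
    if data[:2] != query[:2]:
        raise ValueError("transaction id mismatch")
    return parse_answers(data)

def query_doh(url, name, **kw):
    # DNS over HTTPS, RFC 8484 POST; a port-53 interceptor cannot forge this.
    hdrs = {"Content-Type": "application/dns-message", "Accept": "application/dns-message"}
    req = urllib.request.Request(url, data=build_query(name, **kw), headers=hdrs)
    with urllib.request.urlopen(req, timeout=5.0) as resp:
        return parse_answers(resp.read())

def looks_tampered(plain, encrypted):
    # Plaintext answer disjoint from the encrypted one, or a plaintext A record
    # where the encrypted path says NXDOMAIN (rcode 3, the classic ad-page
    # redirect), points at a port-53 interceptor or a polluting resolver.
    (p_rcode, p_addrs), (e_rcode, e_addrs) = plain, encrypted
    if e_rcode == 3 and p_addrs:
        return True
    return bool(e_addrs) and not set(p_addrs) & set(e_addrs)

def port53_intercepted(decoy_ip, name="example.com"):
    # Query an address you KNOW runs no resolver (one of your own hosts; an
    # assumption you must supply). A timeout is the honest outcome; any reply
    # means something on the path answers port 53 regardless of destination.
    try:
        query_udp(decoy_ip, name)
    except socket.timeout:
        return False
    return True

def sample_response(*addrs):
    # Constructed response for offline use (192.0.2.0/24 is documentation space).
    rr = b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04"   # ptr to qname, A, IN, TTL 3600
    body = b"\x07example\x03com\x00\x00\x01\x00\x01"
    body += b"".join(rr + ipaddress.ip_address(a).packed for a in addrs)
    return struct.pack(">HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, 0) + body
```

A live check looks like `looks_tampered(query_udp("202.103.24.68", "www.bilibili.com"), query_doh("https://dns.alidns.com/dns-query", "www.bilibili.com"))`, with your own ISP resolver in place of 202.103.24.68. Because geo-resolution legitimately returns different addresses from different vantage points, compare the plaintext answer against a DoH resolver in the same region (or pass `client_subnet` with your own prefix) before concluding that a disjoint answer is hijacking rather than geography.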
But if you have higher standards, or are one of the special users described above, the rest of this article shows how to configure two tools, AdguardHome and Clash, to address all three problems at once.
Reliable and Intelligent DNS Services
AdguardHome Configuration
AdguardHome, hereinafter ADG, is network-wide ad-blocking and privacy-protection software that works as a DNS server. It supports custom upstream DNS services and custom DNS rules.
ADG's default mode for querying upstreams is load balancing. Users can configure several upstreams, and ADG picks one at random with weights derived from past response times. Simply put, ADG sends most queries to the faster upstreams and only occasionally tries the slower ones, so it keeps noticing when their speed changes.
We can choose the third option: Fastest IP address.

The benefit of this option is that ADG itself probes the addresses it receives from the upstreams and hands the downstream client only the one with the lowest latency. The following are the unmodified resolution results for bilibili.

You can see there are many IPs. If ADG does not test the IP resolution results and returns all IPs to the client, what will the client do?
Some clients take the first address, some the last, some a random one, and some try them in order until one connects. None of these is guaranteed to be the best choice.
After enabling the Fastest IP address option, the following are the optimized resolution results for bilibili. This step will bring an improvement in network experience.

Why isn't "Fastest IP address" the default, if it is this useful?
Because its cost is waiting for the answers from all upstream resolvers before probing can even begin. With several providers configured as upstreams, the upstream query time is that of the slowest one. For example, if your upstreams are Alibaba with an average response time of 50ms and Google with an average of 500ms, ADG's upstream query time will be 500ms or more, plus the time spent probing the addresses.
Therefore, when configuring this option, users need to balance the quality and quantity of upstream DNS services and not be greedy. Here I recommend setting two upstreams: one authoritative (https://dns.alidns.com/dns-query), plus one ISP DNS.
The ISP DNS address varies from place to place; look up the ISP DNS servers published for your region.
Alternatively, you can check the ISP-recommended DNS in your router’s management interface:
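The trade-off described above, probing every address but paying for the slowest upstream, is easy to see in code. The following Python example is added here and is not ADG's own code; it re-implements the idea of the "Fastest IP address" mode (query every upstream, wait for all of them, merge the answers, probe each address, return the quickest) next to a "first answer wins" mode for contrast, and reports the wall-clock cost of each. The real probe is a TCP handshake to port 443, an assumption about what counts as "fastest" rather than a description of ADG's internals. `FAKE_UPSTREAMS`, `FAKE_LATENCY`, `fake_resolve` and `fake_probe` are constructed stand-ins so the demo runs offline; the two upstream URLs are the ones the article uses.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor, as_completed

def tcp_connect_ms(ip, port=443, timeout=1.0):
    # Latency probe: time a TCP handshake to ip:port; unreachable -> inf.
    start = time.monotonic()
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return (time.monotonic() - start) * 1000
    except OSError:
        return float("inf")

def fastest_address(candidates, probe=tcp_connect_ms):
    # Probe every candidate in parallel and return (ip, latency_ms) of the
    # quickest reachable one. Raises if none answers, so the caller can fall
    # back to handing the client the unfiltered answer instead of nothing.
    unique = list(dict.fromkeys(candidates))            # dedupe, keep order
    with ThreadPoolExecutor(max_workers=max(1, len(unique))) as pool:
        results = list(zip(unique, pool.map(probe, unique)))
    reachable = [r for r in results if r[1] != float("inf")]
    if not reachable:
        raise RuntimeError("no candidate address reachable")
    return min(reachable, key=lambda r: r[1])

def resolve_fastest_addr(name, upstreams, resolve, probe=tcp_connect_ms):
    # "Fastest IP address" style: ask EVERY upstream, wait for ALL of them,
    # merge the answers, then pick the quickest address. Returns
    # (ip, latency_ms, wall_ms); wall_ms is bounded below by the slowest upstream.
    start = time.monotonic()
    with ThreadPoolExecutor(max_workers=len(upstreams)) as pool:
        answers = list(pool.map(lambda u: resolve(u, name), upstreams))
    ip, ms = fastest_address([a for ans in answers for a in ans], probe)
    return ip, ms, (time.monotonic() - start) * 1000

def resolve_parallel_first(name, upstreams, resolve):
    # "Parallel requests" style for contrast: return the first answer that
    # arrives; wall time tracks the FASTEST upstream instead.
    start = time.monotonic()
    pool = ThreadPoolExecutor(max_workers=len(upstreams))
    futures = [pool.submit(resolve, u, name) for u in upstreams]
    first = next(as_completed(futures)).result()
    pool.shutdown(wait=False)       # slower upstreams finish in the background
    return first, (time.monotonic() - start) * 1000

# Constructed stand-ins so the demo runs offline: upstream -> (simulated RTT
# in seconds, addresses returned) and address -> simulated connect latency.
FAKE_UPSTREAMS = {
    "https://dns.alidns.com/dns-query": (0.02, ["203.0.113.10", "203.0.113.11"]),
    "https://dns.google/dns-query": (0.30, ["198.51.100.5", "203.0.113.10"]),
}
FAKE_LATENCY = {"203.0.113.10": 12.0, "203.0.113.11": 45.0, "198.51.100.5": float("inf")}

def fake_resolve(upstream, name):
    rtt, addrs = FAKE_UPSTREAMS[upstream]
    time.sleep(rtt)
    return addrs

def fake_probe(ip, port=443, timeout=1.0):
    return FAKE_LATENCY.get(ip, float("inf"))

def demo():
    ups = list(FAKE_UPSTREAMS)
    best = resolve_fastest_addr("www.bilibili.com", ups, fake_resolve, fake_probe)
    first = resolve_parallel_first("www.bilibili.com", ups, fake_resolve)
    return best, first

if __name__ == "__main__":
    (ip, ms, wall_all), (addrs, wall_first) = demo()
    print(f"fastest addr: {ip} ({ms:.0f} ms) after waiting {wall_all:.0f} ms for all upstreams")
    print(f"first answer: {addrs} after {wall_first:.0f} ms")
```

Running the demo shows the point of the section: the slow upstream contributes one address that is unreachable anyway, yet the fastest-address path still waits the full 300 ms for it before it can probe anything, while the first-answer path returns in about 20 ms. Keeping the upstream list short, as recommended above, is what keeps that wait bounded.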

Clash Configuration
Users with special needs care about DNS hijacking and DNS pollution but do not want to give up the optimal service experience. They can use the dns module of Clash.
Its nameserver-policy key sends different domain names to different resolvers: domestic domains go to the ISP resolver and Alibaba so that answers stay local (that plaintext path remains interceptable, which is an accepted trade-off for these sites), while everything else goes over DoH to Cloudflare and Google. The geosite: policy keys are a Clash.Meta (mihomo) feature. Example configuration:
dns:
  enable: true   # the dns module is inactive unless explicitly enabled
  default-nameserver:
    - tls://223.5.5.5:853
    - tls://1.12.12.12:853
  nameserver:
    - https://dns.alidns.com/dns-query
    - https://one.one.one.one/dns-query
    - https://dns.google/dns-query
  nameserver-policy:
    "geosite:cn,private,apple":
      - 202.103.24.68   # ISP DNS in your own region
      - https://dns.alidns.com/dns-query
    "geosite:geolocation-!cn":
      - https://one.one.one.one/dns-query
      - https://dns.google/dns-query
Its meaning is:
- default-nameserver: used to resolve the hostnames of the DNS services configured in nameserver (the DoH/DoT bootstrap), so these entries must be addressed by IP.
- nameserver: used to resolve domain names for ordinary network requests.
- nameserver-policy: per-domain overrides; a name matching a policy key is sent to the servers listed under that key instead of to nameserver.
Thanks for Reading
If this article has been helpful to you, please give it a like. Comments and discussions are also very welcome.