I run my own DNS in our home. You may think this is crazy, but test after test has shown that nearly all ISPs provide substandard DNS to their customers. Even the finest DNS servers are only responsive 95% of the time. With the number of times you use DNS, you could be losing seconds or minutes per day while you wait for timeouts and rerequests.
Mvps.org maintains a list of “known bad domains”. While it is certainly not a replacement for other security measures, it’s another line of defense, another tool in the bag. For more reasons, read their site.
http://www.mvps.org/winhelp2002/hosts.htm
I don’t want to maintain host files on all of my home systems and all of the VMs too, I’d like to just tell my DNS server about these hosts and have it do the right thing.
By downloading that hosts file and using this little Boo script to map it into bind config, I have done just that. I use include files with bind. I’ve added a line like this to my /etc/bind/named.conf.local on my ubuntu server:
include "/etc/bind/named.conf.mvps";
Then, I’ve written the output of this Boo script to the /etc/bind/named.conf.mvps file. Reload bind and everything is done.
import System.IO

# Read the downloaded MVPS HOSTS file, split it into lines, and keep only
# the entries that are neither comments, blank, nor the localhost line.
for line as string in [line for line in @/\n|\r\n/.Split( File.OpenText("HOSTS").ReadToEnd() ) if (not line.StartsWith("#") and line!=string.Empty and not line.Contains("localhost"))]:
    # Entries look like "127.0.0.1 hostname"; split on runs of spaces.
    fields = @/ +/.Split(line)
    if (fields.Length > 1):
        host = fields[1]
        # Emit a master zone for the host backed by the stock localhost zone file,
        # so the name resolves to 127.0.0.1 / ::1 instead of its real address.
        print "zone \"${host}\" { type master; file \"/etc/bind/db.local\"; };"
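As an added example (not the post’s own script), here is the same hosts-to-zone mapping in Python, with the check a practitioner would want before feeding a downloaded list into named.conf: every hostname is validated before it is quoted into a zone statement, so a malformed or hostile entry cannot break or alter the bind config. The sample hosts text is constructed, and the zone-file path is assumed to match the post.

```python
import re

# Constructed sample in the MVPS hosts-file format (not the real download):
# comment lines, tabs/spaces, a 0.0.0.0 entry, a trailing comment, and one
# deliberately malformed name that must never reach named.conf.
SAMPLE_HOSTS = """\
# This MVPS HOSTS file is a free download from:
127.0.0.1  localhost
127.0.0.1\tad.a8.net
0.0.0.0  banner.example-tracker.test   # trailing comment
::1 localhost

127.0.0.1 bad"host.test
"""

# Strict DNS hostname shape: dotted labels of [a-z0-9-], 253 chars max.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$",
    re.IGNORECASE,
)


def hosts_to_zones(text, zone_file="/etc/bind/db.local"):
    """Return one bind 'zone' statement per blocked hostname, deduplicated."""
    zones = []
    seen = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()  # "<address> <host> [<host> ...]"
        if len(fields) < 2:
            continue
        for host in fields[1:]:  # hosts files may list several names per line
            host = host.lower().rstrip(".")
            if host == "localhost" or host in seen:
                continue
            if not HOSTNAME_RE.match(host):  # refuse anything that could break named.conf
                continue
            seen.add(host)
            zones.append('zone "%s" { type master; file "%s"; };' % (host, zone_file))
    return zones


if __name__ == "__main__":
    import sys
    with open(sys.argv[1] if len(sys.argv) > 1 else "HOSTS") as fh:
        print("\n".join(hosts_to_zones(fh.read())))
```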
Beforehand, host resolution looked like this:
$ host ad.a8.net
ad.a8.net has address 203.190.224.60
After reloading bind, it looks like this:
$ host ad.a8.net
ad.a8.net has address 127.0.0.1
ad.a8.net has IPv6 address ::1
How does your DNS server compare with services like OpenDNS? I can easily see how your DNS server provides better service than ISPs but I would imagine that the performance increase from OpenDNS to your own might not be worth the effort (at least for me).
A great question.
I don’t use opendns for other reasons. I find their response to nonexistent domains, redirecting to a search page, offensive.
Check out dnsb, aka dnsbench, from http://www.grc.com/dnsb/. When I have tested with it, opendns was far below even my local ISP DNS server.