Beginning work on v2 of the DNS Benchmark


Steve

(as in GRC)
Staff member
Hey Everyone!

With the conclusion of the work on GRC's mailing facility and SpinRite's documentation being finalized with the creation of the planned video walkthrough / demo... work on the next project — v2 of the DNS Benchmark — is ready to officially begin. To that end, I've updated GRC's DNS Benchmark page with the planned features of v2. They currently look like this:

| Features | Free | Plus | Pro |
|---|---|---|---|
| IPv4 | Yes | Yes | Yes |
| Benchmark 200 nameservers | Yes | Yes | Yes |
| Updated 4800+ server list | New! | New! | New! |
| Updated “top50” websites | New! | New! | New! |
| Updated default nameserver list | IPv4 | IPv4/v6 | IPv4/v6 |
| Auto configure fastest DNS | New! | New! | New! |
| IPv6 Support | - - - | New! | New! |
| Encrypted DoH (DNS over HTTPS) | - - - | New! | New! |
| Encrypted DoT (DNS over TLS) | - - - | New! | New! |
| Encrypted DNSCrypt | - - - | New! | New! |
| User-provided domain testing | - - - | New! | New! |
| DNSSEC (signed domains) | - - - | New! | New! |
| DNS “Spoofability” testing | - - - | - - - | New! |
| Can run as a Windows service | - - - | - - - | New! |
| Long-term performance graphing | - - - | - - - | New! |
| Automatically use fastest servers | - - - | - - - | New! |
| Failing server auto-bypass | - - - | - - - | New! |
| Background monitoring | - - - | - - - | New! |
| Continuous logging | - - - | - - - | New! |
| 24-hour performance comparison | - - - | - - - | New! |
| Measure non-A/AAAA records | - - - | - - - | New! |
| Your support for this utility | In spirit | $ | $ $ |
| Price: | Free | $9.95 | $19.95 |

The final feature set is still completely up in the air and I'll be interested to hear of anything that anyone thinks I've missed.

I plan to follow the development model that worked for SpinRite v6.1, except that our new https://dev.grc.com development forum will be used for feature and bug tracking instead of our GitLab instance. I'm undecided about whether most of the development dialog will be conducted in GRC's “grc.thinktank” newsgroup (where I've been hanging out and which seems like an appropriate “catch all” container for all future work), or to create a ".dev" group under our current "grc.dns" group much as we did for "grc.spinrite.dev".

But in any event, I will work to keep an eye on THIS thread here to pick up and interact with any ideas anyone here might have. 👍🏻 Here we go!!
 
Steve,
I have been using your DNS Benchmark for a long, long time. Well over 10 years, maybe from the very beginning!
Recently I was testing my Pi-Hole vs NextDNS and ControlD and I posted a writeup on my blog. You might find it a useful example use case.

A few small ideas:
- I always forget what the different color bars are, cached, uncached, dotcom (I know I can click them and it tells me). It might be nice to have a visible key on that tab/page.
- The dashed vertical lines on the bar chart seem to indicate 20ms increments. It would be helpful to label that horizontal axis.
- It would be nice to be able to put custom names for the servers. And for those names to be saved in the .ini file and loaded from there.
- The tabular data is hard to read because it takes so much vertical space. Maybe there is a way to condense this? (Perhaps put the server names to the left instead of between the results, and only label the columns at the very top of the chart.)
- It would be nice to be easily able to export the tabular data as a csv or similar.

Can't wait to see the next version!
 
Steve,
Changing the Windows system DNS servers to what you find to be the fastest is no simple thing.

To begin with, there is old insecure UDP and new secure TCP DNS.
Then there is Windows 10, which does not support the new DNS system-wide, and Windows 11, which does.
Then too, there are browsers with their own DNS settings that ignore Windows system-wide settings.
And, there are portable browsers which are in random folders that Windows is unaware of.
And, Windows has two system-wide settings, one for Wifi and another for Ethernet.
And, for old DNS, the router can modify whatever Windows thinks it is doing for DNS and Windows can not tell this happened.

Finally, even if you do code for all of these many variations, it will be pretty much impossible to explain it to your customers.
 
I run this tool once a year and reconfigure my DNS servers accordingly. My local Unbound cache server is always faster than my ISP DNS cache servers and other ones in the list even though I'm forwarding to either quad nine or 1.1.1.1 using DoT.

forward-zone:
    name: "."                    # use for ALL queries
    forward-tls-upstream: yes    # send forwarded queries over TLS (DoT)
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com

I haven't set it up yet for IPv6, but I know I'll still get back an AAAA record with an IPv6 address from those servers. And I'm dual stack otherwise.

The problem though is that upstream I'm still receiving frequent NSEC3 errors. But these don't seem to impact the benchmark. I haven't dug in yet as to what nameservers are not properly signed. These come back from both quad nine and 1.1.1.1.

Nov 7 08:25:02 unbound: [45803:0] info: validation failure <_dns.resolver.arpa. SVCB IN>: no NSEC3 records from 9.9.9.9 for DS resolver.arpa. while building chain of trust

Nov 7 08:07:55 unbound: [45803:0] info: validation failure <_dns.resolver.arpa. SVCB IN>: no NSEC3 records from 1.1.1.1 for DS resolver.arpa. while building chain of trust

Despite this I'm still showing the best numbers from running a local cache server with the DNS benchmark tool. And then I use your tool to pick backups. What I don't really know with the backups is the level of privacy I'm getting from them. This info would be super helpful in deciding beyond speed.

What's the plan for DNSSEC since it still doesn't seem to be fully implemented and properly signed all of the time?

And for records coming back with both an A and AAAA record, is the benchmark for the return of both or only the A record?
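
An added example (not part of the original post, and not code from the Unbound project): a short Python script that groups `validation failure` log lines like the two quoted above by query name, upstream address and zone, so it is easy to see whether the failures are confined to one name or spread across many. The sample log is constructed in the same format as the lines in the post, and `triage`, `FAILURE_RE` and `ZONE_RE` are hypothetical names.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Validator failures in the post have the shape:
#   validation failure <qname qtype qclass>: reason text
FAILURE_RE = re.compile(
    r"validation failure <(?P<qname>\S+) (?P<qtype>\S+) (?P<qclass>\S+)>: (?P<reason>.*)$"
)
# The zone whose DS/DNSKEY could not be proven, when the reason names one.
ZONE_RE = re.compile(r"\bfor (?:DS|DNSKEY|key) (?P<zone>\S+)")

# Constructed sample input, modelled on the two log lines in the post.
SAMPLE_LOG = """\
Nov 7 08:07:55 unbound: [45803:0] info: validation failure <_dns.resolver.arpa. SVCB IN>: no NSEC3 records from 1.1.1.1 for DS resolver.arpa. while building chain of trust
Nov 7 08:25:02 unbound: [45803:0] info: validation failure <_dns.resolver.arpa. SVCB IN>: no NSEC3 records from 9.9.9.9 for DS resolver.arpa. while building chain of trust
Nov 7 08:41:17 unbound: [45803:0] info: validation failure <_dns.resolver.arpa. SVCB IN>: no NSEC3 records from 9.9.9.9 for DS resolver.arpa. while building chain of trust
Nov 7 08:41:18 unbound: [45803:0] info: validation failure <signed.example. A IN>: no NSEC3 records from 192.0.2.53 for DS example. while building chain of trust
Nov 7 08:42:00 unbound: [45803:0] info: constructed line that is not a validation failure
"""

def triage(log_text):
    """Group failures by (qname, qtype); count upstreams and zones per group."""
    groups = defaultdict(lambda: {"count": 0, "upstreams": Counter(), "zones": Counter()})
    for line in log_text.splitlines():
        m = FAILURE_RE.search(line)
        if not m:
            continue  # not a validator failure line
        g = groups[(m["qname"].lower(), m["qtype"])]
        g["count"] += 1
        for token in re.findall(r"\bfrom (\S+)", m["reason"]):
            try:
                g["upstreams"][str(ipaddress.ip_address(token.rstrip(".,;")))] += 1
            except ValueError:
                pass  # "from" followed by something that is not an IP address
        zone = ZONE_RE.search(m["reason"])
        if zone:
            g["zones"][zone["zone"].lower()] += 1
    return dict(groups)

if __name__ == "__main__":
    for (qname, qtype), g in sorted(triage(SAMPLE_LOG).items()):
        print(f"{g['count']:3d}  {qname} {qtype}  "
              f"upstreams={dict(g['upstreams'])}  zones={dict(g['zones'])}")
```
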
 
Any idea on a time table? This is not something that I need, but I am just wondering. I think I recall you saying that v1 took many years and I often wonder about how you write code as you have said many times you don't set milestones with dates and you have a high regard for quality. I guess I must have missed you saying you were doing a v2 for DNS benchmark, I’ve been trying to listen to SN, but I guess as a multitasker I am missing parts. I am a bit confused as to how this affects SpinRite v7 development, I like hearing the details on that too.

I guess I have one other request that might or might not be possible. With the IsBootSecure I’ve saved an early beta version that you released, it was one that functioned in the console only. I saved it because it seemed easy to disassemble in IDA Pro. I *think* I recall trying to disassemble the final version and it seemed like it was somehow obfuscated. The main reason I disassembled it is to see if I could duplicate your work, with the early beta version I did think I could realistically duplicate the work. I think the key came down to a single API call that checked the firmware. If you don’t want people disassembling your code please say so.
As far as DNS Benchmark v1, that thing is really complicated GUI wise, I am guessing you make custom controls for that. Think that can be done using Windows GDI, but maybe I don’t understand it that well.

I will definitely be buying v2, I thought about buying SpinRite once a month just because you are that cool. I am not sure how I could convince you to write a book (or a volume of books) on how you write code. I don’t know if there are any books on writing MASM code using the macro part of MASM, someone should write one. And a few chapters on converting C/C++ header files to MASM include files too!

Thanks!
 
UPDATE: The DNS Benchmark Version 2
just began working with IPv6 nameservers...


The original Benchmark was tightly written to only (ever possibly) support IPv4. The reason for its ultra-tight coupling to IPv4 was that IPv4 addresses are the same 32-bit length as the x86 32-bit registers. Thus, IPv4 addresses could be (and were) held in registers and passed to and returned from functions as unsigned 32-bit integers. NONE of that is possible with IPv6 128-bit addresses, not to mention the domain-name addressing used by the TLS-based DoH, DoT and DoQ secure DNS protocols.

Before I could do anything to “unlock” the Benchmark from its lock on IPv4, I needed to deeply re-engineer the entire thing so that what were 32-bit IPv4 addresses would become 32-bit pointers to generic nameserver data structures. Three days ago I had IPv4 running again under the newly written paradigm, and just minutes ago the first benchmarking of IPv6 nameservers began working.

There's still plenty of work left to do, but the fact that this is working is very encouraging and things are looking good! 👍
 
> Any idea on a time table? This is not something that I need, but I am just wondering. I think I recall you saying that v1 took many years and I often wonder about how you write code as you have said many times you don't set milestones with dates and you have a high regard for quality.

The truest answer sounds snotty but it's not meant to be: “It will take however long it takes.” In general, our experience with my coding is that it generally takes much longer than I expect at the start, the result does much more than we expected at the start, but once it's finished it's effectively bug free.

> I guess I must have missed you saying you were doing a v2 for DNS benchmark, I’ve been trying to listen to SN, but I guess as a multitasker I am missing parts. I am a bit confused as to how this affects SpinRite v7 development, I like hearing the details on that too.

I'm desperate to return to SpinRite and to begin working on v7. But thanks to my squandering 7 years on the public domain SQRL technology, followed by 4 years spent on the free upgrade to SpinRite v6.1, it's been a long time since GRC has introduced any new commercial software. So before I embark on SpinRite 7, I want to see whether the 1300+ people per day who are downloading the free version of the DNS benchmark would be interested in obtaining additional new features for a modest one-time fee. If so, that would create some welcome new revenue for GRC and would allow the Benchmark to support itself.

Once that's done, I want to create GRC's long-planned super-secure drive wiping/erasing utility for Windows. That would be another new piece of commercial software. And this is a useful progression since I will need to develop a bunch of low-level drive access technology for that which SpinRite v7 will then be able to inherit.

So, I'm working full time to get back to SpinRite 7 via an updated DNS Benchmark and GRC's secure data erasing tool.

> I guess I have one other request that might or might not be possible. With the IsBootSecure I’ve saved an early beta version that you released, it was one that functioned in the console only. I saved it because it seemed easy to disassemble in IDA Pro. I *think* I recall trying to disassemble the final version and it seemed like it was somehow obfuscated. The main reason I disassembled it is to see if I could duplicate your work, with the early beta version I did think I could realistically duplicate the work. I think the key came down to a single API call that checked the firmware. If you don’t want people disassembling your code please say so.

One of my long standing grievances with Microsoft's executable file formats is that they are SO wasteful of space. It's possible to take a 650K exe and compress it to 165K. So I don't feel that I have any choice, and all of GRC's software is compressed. So it's not deliberately obfuscated, but it does "decompress" on the fly once Windows has loaded it and started it running.

However, for what it's worth, the DNS Benchmark is incredibly complex because it is doing so many different things at once. I use an approach of sharing a mutual-exclusively-locked central data structure that many hundreds of individual threads are updating on the fly. DNS queries are sent out and handlers for their replies are placed onto a central queue. SO MUCH is going on that I cannot imagine attempting to meaningfully reverse-engineer what's going on from a disassembly.

> As far as DNS Benchmark v1, that thing is really complicated GUI wise, I am guessing you make custom controls for that. Think that can be done using Windows GDI, but maybe I don’t understand it that well.

You're correct. The benchmark makes heavy use of custom controls which I created from scratch, each one for its specific purpose. When you look at that benchmark performance page while it's running, SO MUCH is happening there. And you can even switch to the tabular display and all of THOSE numbers are also being updated in real time.

> I will definitely be buying v2, I thought about buying SpinRite once a month just because you are that cool. I am not sure how I could convince you to write a book (or a volume of books) on how you write code. I don’t know if there are any books on writing MASM code using the macro part of MASM, someone should write one.

You should check out Randall Hyde's (U.C. Riverside professor) https://www.plantation-productions.com/Webster/ You'll find a LOT of terrific resources there, and there's coverage (and support) for writing Windows apps in assembler. 👍