Friday, 7 January 2011

OpenDNS and slowness with YouTube (and other CDN services): a possible solution

I use OpenDNS a lot. I started using it to - uh - bypass some preposterous interference in my ISP's DNS management from our friendly Italian government. More recently, I discovered its convenience as a free and effective web content filtering tool. When adequately configured, free OpenDNS is very handy in a home/SOHO situation. You configure it on the router/server and no more Facebook at work, no more porn in the computerized classroom, no more time-wasters at home (just to give a few examples: and it's not censorship, it's common sense). It's just a matter of tweaking a web form in the OpenDNS account.

However, I've recently experienced an apparently strange behaviour with YouTube: when I use OpenDNS servers, YT is often painfully slow. Using my ISP's DNS servers makes everything resume its normal (i.e. almost always immediate, except for HD) speed. The problem is that YouTube's content delivery network (the massive, multiple data center infrastructure able to serve hundreds of millions of views per day all over the globe) selects the server it takes to be nearest to me based on the DNS server that queries for the resource I'm asking for. My ISP's DNS is of course one or two hops from me; the nearest OpenDNS server is - at the time of this writing - in Amsterdam, and I operate in Tuscany. Why the Googleheads use this rather crude system of geolocation, when there is, well, real geolocation able to pinpoint one IP with a resolution of a few km, is beyond me.

The OpenDNS support forums say that there is no real general-purpose solution (and there isn't). They write that they have some 'peering' with YT, or they recommend editing one's hosts file to force YT server URLs to the nearest IP. I've also read about using BIND and creating 'fake' authoritative zones for youtube.com and other domains used by YT's CDN, like ytimg.com, in order to redirect DNS queries for these specific domains to the ISP's DNS servers. A (wee) bit awkward and long to configure/install.

The other day I reinstalled an old Sparklan WX-6615GT wireless router of mine, with an ADSL2+ modem I bought for 10 euros on eBay. The 6615GT is a 2004 802.11g AP + 4-port hub + (Ethernet only) router from a rather obscure Chinese manufacturer. Its official firmware is obsolete and hasn't been updated in years.
BUT it's a Broadcom-based router able to run Linux-based replacement firmware, in particular DD-WRT.
DD-WRT is nice because there are ready-to-use firmware images that can be flashed directly, without the need for JTAG interfaces or other special hardware (however, if you are upgrading FROM an older DD-WRT image to a newer one, you will probably need to upgrade from the sshd/telnet console because of memory usage limits - the web interface sometimes simply reboots the router instead of upgrading!).

DD-WRT's wiki also has a very good tutorial on configuring OpenDNS and DNS-O-Matic (another cool OpenDNS service) in order to have mostly hassle-free OpenDNS and dynamic DNS support. The page warns about the problem with CDNs. For its recipe it uses a custom dynamic DNS configuration AND Dnsmasq. Dnsmasq is a simple forwarder-only DNS server: it's used in DD-WRT and other Linux-based firmware, but it was written for 'real' Linux. DD-WRT's dnsmasq is just another recompile, with all the features. In dnsmasq there is the server=server_ip configuration directive, telling dnsmasq which server it must forward its queries to. BUT if you read the manpage there is also this variant: --server=/google.com/1.2.3.4 will query 1.2.3.4 only when google.com or one of its subdomains is requested. Used with the strict-order directive and other server= directives, it allows you to query your ISP's server for specific domains, centralizing the configuration with a minimum of fuss. Take for instance the dnsmasq configuration in the DD-WRT wiki:


no-resolv
strict-order
server=208.67.222.222
server=208.67.222.220


This simply tells the router to use the OpenDNS servers. If your ISP's servers are 193.70.152.15 and .25, try this configuration (if they aren't, yes, you should change the IP numbers :-) ):


no-resolv
strict-order
server=/youtube.com/193.70.152.15
server=/youtube.com/193.70.152.25
server=/ytimg.com/193.70.152.15
server=/ytimg.com/193.70.152.25
server=/googlevideo.com/193.70.152.15
server=/googlevideo.com/193.70.152.25
server=208.67.222.222
server=208.67.222.220

Now we're telling Dnsmasq to use the ISP's DNS for youtube.com, ytimg.com and googlevideo.com, which are (I think) YT's CDN domains. The strict-order directive makes sure that the first server= directives are observed first.
One can test that this configuration is working by blocking video sharing sites from the OpenDNS dashboard: YT should continue to be browsable, other video sites should not. Of course the domains used for other CDNs can be added, if the need arises. Et voilà, YT is back to normal, and you still have OpenDNS. And to think that the newer and costlier D-Link and ZyXEL hardware I've bought is not DD-WRT compatible...
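
The per-domain forwarding described above, as an added example (not part of the original post and not dnsmasq's own code): a small Python model of how server=/domain/ip lines are selected, used to list which lookups leave for the ISP resolver and so skip the OpenDNS filter. It assumes dnsmasq matches on whole labels and that the most specific domain wins; the function names and test hostnames are constructed for illustration.

```python
# Added example: offline model of dnsmasq's server=/domain/ip selection.
CONFIG = """\
no-resolv
strict-order
server=/youtube.com/193.70.152.15
server=/youtube.com/193.70.152.25
server=/ytimg.com/193.70.152.15
server=/ytimg.com/193.70.152.25
server=/googlevideo.com/193.70.152.15
server=/googlevideo.com/193.70.152.25
server=208.67.222.222
server=208.67.222.220
"""
OPENDNS = {"208.67.222.222", "208.67.222.220"}  # filtering resolvers from the page

def parse_servers(text):
    """Split server= lines into per-domain upstreams and default upstreams."""
    per_domain, default = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("server="):
            continue  # comments and other directives are ignored in this model
        value = line[len("server="):]
        if value.startswith("/"):
            # server=/dom1/dom2/ip : one or more domains, then the upstream
            *domains, upstream = value[1:].split("/")
            for dom in domains:
                per_domain.setdefault(dom.lower().strip("."), []).append(upstream)
        else:
            default.append(value)
    return per_domain, default

def upstreams_for(name, per_domain, default):
    """Return (matching rule, upstreams); the longest label suffix wins."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in per_domain:
            return suffix, per_domain[suffix]
    return None, default

def audit(names, text=CONFIG):
    """Map each name to its rule, upstreams and whether OpenDNS filters it."""
    per_domain, default = parse_servers(text)
    report = {}
    for name in names:
        rule, ups = upstreams_for(name, per_domain, default)
        report[name] = (rule, ups, all(u in OPENDNS for u in ups))
    return report

if __name__ == "__main__":
    for host, row in audit(["www.youtube.com", "i.ytimg.com", "notyoutube.com",
                            "vimeo.com"]).items():
        print(host, row)
```

Any name reported with a False flag is resolved outside OpenDNS, so dashboard blocks and logging do not apply to it; keep that list as short as the CDN problem requires.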

