2008-08-10

Desktop Linux suckage: DNS caching

Ignoring all the things that I knew 8.04 outright broke for me going in to this, the first new thing I noticed was that Linux coped a lot less well with Comcast's utterly craptastic DNS servers than Mac OS did.

Judging by my quick experiments, about one in ten DNS queries just doesn't come back from Comcast's DNS servers, so the waiting application just sits there, looking back at me with an unblinking stare until it finally times out, and then fails. I'd noticed this problem before, but not much, because I was still doing most non-coding on the Mac.

I didn't investigate why the Mac copes better, but the always-truthful internets support the obvious assumption that Mac OS and Windows XP have local DNS caches. Presumably Apple and Microsoft got sick of lame ISPs making their OSes look bad. I was certainly quite surprised that my Ubuntu box was doing no caching at all by default (though some applications do their own, to work around this at the level they have some control over).

I installed dnsmasq for local caching, and shortly afterwards switched from Comcast to OpenDNS when I saw no sign of Comcast reacting to Kaminsky's widely-publicized DNS flaw. (Read Kaminsky's slides if you haven't already, even if you think you know what they're going to say. There's a lot of interesting stuff in there.)

The consequence of not caching by default is that Ubuntu doesn't handle real-world shitty ISP DNS servers as well as Mac OS and Windows do. I don't know if this is better in other distributions; a quick web search certainly shows that Linux users have a wide variety of DNS caching alternatives to choose from. I don't know why one isn't running by default.

Passing on DNS lossage to me, the end-user, was the most visible problem when I switched to only using Ubuntu, because it was relatively crippling. You get sick of Firefox's "Looking up" status text very fast. This is a problem because DNS is pretty deep magic to most people. Sure, you can explain it's like "a phone book for the internet", but I'm unconvinced that really helps get the idea across, and more to the point, who's out there explaining DNS to the masses? And why should anyone but a sysadmin care about DNS anyway? Especially when "here's a nickel, kid; get yourself a Mac OS or Windows license" would mean they don't have to.

We can fix this. We even have at least three solutions ready-written and raring to go. We just need someone in power to flip the switch.

Problem: the inmates are running the asylum, and even assuming you can get them to accept there's a problem, it's very hard to get them to agree on a solution.

Ignoring for the moment the question of whether Linux has the applications people need, not coping with common ISP problems is the kind of low-level stuff that makes the difference for most people. This is the stuff that keeps people stuck on (or drives the brave ones back to) Mac OS or Windows. And I'm not just talking about people so many of us feel comfortable looking down upon; I'm talking about people like you and me. Not having the time to track down problems like this has kept me from giving up my Mac for months. Demanding all your users have the ability, inclination, and time to solve technical puzzles is setting the bar pretty high. Almost everyone I know (geeks included) lacks one or more of those things.

And before you blame Comcast rather than Ubuntu, on the basis that it's Comcast's DNS that sucks, bear in mind that they have hundreds of thousands of customers you'd like to have as users. If you think it's only Comcast's DNS that sucks, you're sadly mistaken. Also bear in mind that ISP DNS servers are not going to get fixed. Not ever. As long as Mac OS and Windows users are unaffected, there's simply no motivation for them to do so. And none of these users are going to switch to Linux, as long as it "breaks the web" for them.