Hello,
In your experience, which WAN health check is most reliable for minimizing false positives?
I think there are different personal preferences on this forum.
My personal preference is DNS Lookup to 8.8.8.8 and 8.8.4.4 (Google DNS Servers).
This post might help:
@MartinLangmaid, this might be something right up your alley?
1 Like
Thanks. I just read that article.
Is there a reason you opt for DNS lookup to Google DNS servers vs PING to those servers?
I have been using PING to a mix of DNS servers (one Google, one not), and I’m wondering how Peplink uses that difference. For example, say a ping fails to the first server listed – does Peplink then try the second server automatically?
Hi. Ping will “usually” work, but DNS is more reliable. The reason for that is certain routers “along the way” may discard ping packets – particularly when their load is high. So, when these UDP packets are discarded the Peplink may get a false indication that the WAN is down – when it is not.
Also – Google does not have an “obligation” to respond to pings; however answering to DNS queries is its raison d’etre.
Side note: We usually choose one Google server and one from OpenDNS, although it likely makes little or no difference in reality.
1 Like
Very helpful. Thank you.
I have used ping without problems thus far but I am connecting through an OpenVPN service.
I have thought about using a mix of public DNS resolvers but didn’t want to tie myself to a specific company. I use an OpenDNS and Yandex right now; Yandex owns Duckduckgo and is based in Russia, so they’re as trustworthy as [redacted].
I’ve been toying with a google-free universe for a while just as an experiment (well, to the extent that that’s possible, which it isn’t).
Here is a list of open DNS servers current as of Nov 2017. It’s interesting to read about these. Verisign, for instance, was sued in 2003 for DNS injections and traffic redirection, which is why they now say “we will not sell your info to third parties.” They won’t sell it, they’ll just hire somebody else to do it for them. Level3 was purchased by Centurylink, so if you use that you might as well throw your router into the ocean and hope that a benevolent sperm whale picks up the signal.
I like to mix up my trust model, or at least audit it and know what’s on the field. One can lose a lot of sleep over this kind of thing. I’ve thought about hiring a DNS provider as listed in the router’s interface suggestions, but this seems unnecessary if you have a truly good VPN. They will hook you up with a good DNS service by default.
| DNS_Server |
| Level31 | | 209.244.0.3 | 209.244.0.4 |
| Verisign2 | | 64.6.64.6 | 64.6.65.6 |
| Google3 | | 8.8.8.8 | 8.8.4.4 |
| DNS.WATCH4 | | 84.200.69.80 | 84.200.70.40 |
| Comodo Secure DNS | | 8.26.56.26 | 8.20.247.20 |
| OpenDNS Home5 | | 208.67.222.222 | 208.67.220.220 |
| Norton ConnectSafe6 | | 199.85.126.10 | 199.85.127.10 |
| GreenTeamDNS7 | | 81.218.119.11 | 209.88.198.133 |
| SafeDNS8 | | 195.46.39.39 | 195.46.39.40 |
| OpenNIC9 | | 23.94.60.240 | 128.52.130.209 |
| SmartViper | | 208.76.50.50 | 208.76.51.51 |
| Dyn | | 216.146.35.35 | 216.146.36.36 |
| FreeDNS10 | | 37.235.1.174 | 37.235.1.177 |
| Alternate DNS11 | | 198.101.242.72 | 23.253.163.53 |
| Yandex.DNS12 | | 77.88.8.8 | 77.88.8.1 |
| UncensoredDNS13 | | 91.239.100.100 | 89.233.43.71 |
| Hurricane Electric14 | | 74.82.42.42 | |
| puntCAT15 | | 109.69.8.51 | |
1 Like