[dns-operations] Should medium-sized companies run their own recursive resolver?

Rich Goodson rgoodson at gronkulator.com
Mon Oct 14 16:42:42 UTC 2013


I don't have enough information to answer this question.

I don't know what "average" IT talents means.
Do these 2 imaginary staff members know enough about caching resolvers to be able to figure out that the authoritative servers for exampledomain.tld have NS records that don't match their glue records and the NS records don't have matching A records, and that's why exampledomain.tld works fine for a day, but then goes dark for the next 24 hours, then repeats?

Does this company have a reason for doing their own caching?  ISP does NXDOMAIN redirection, they want to do DNSSEC validation, want to use RPZ, etc.  Do they have a local mail server that would benefit from a closer cache?

I default to "yes" as well, but if they only have the one local resolver, and don't have any kind of backup (Google/OpenDNS, etc. as secondary/tertiary via DHCP or whatever means they use for workstation network configuration), these two imaginary IT staff members could be setting themselves up for an embarrassing outage.

-Rich

On Oct 14, 2013, at 11:08 AM, Paul Hoffman <paul.hoffman at vpnc.org> wrote:

> A fictitious 100-person company has an IT staff of 2 who have average IT talents. They run some local servers, and they have adequate connectivity for the company's offices through an average large ISP.
> 
> Should that company run its own recursive resolver for its employees, or should it continue to rely on its ISP?
> 
> --Paul Hoffman
> 
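
An added example, not part of either poster's message: a minimal offline check for the delegation inconsistency mentioned in the reply above (NS set differing between parent and child, glue disagreeing with the zone's own A records, NS names with no A record). The data and the function name `audit_delegation` are constructed for illustration; in practice both sides would be filled from queries to the parent's servers and to the zone's own servers.

```python
# Constructed sample data (not real zone contents): what the parent zone hands
# out in a referral versus what the child zone's own servers answer.
PARENT = {  # delegation as served by the .tld servers
    "ns": {"ns1.exampledomain.tld.", "ns2.exampledomain.tld."},
    "glue": {"ns1.exampledomain.tld.": {"192.0.2.1"},
             "ns2.exampledomain.tld.": {"192.0.2.2"}},
}
CHILD = {  # apex NS set and address records as served by the zone itself
    "ns": {"ns1.exampledomain.tld.", "ns3.exampledomain.tld."},
    "a": {"ns1.exampledomain.tld.": {"198.51.100.1"}},
}


def audit_delegation(zone, parent, child):
    """Return sorted (code, detail) findings for one delegation."""
    findings = []
    suffix = "." + zone
    # NS names the parent refers to but the zone does not list, and vice versa.
    for name in parent["ns"] - child["ns"]:
        findings.append(("NS_ONLY_IN_PARENT", name))
    for name in child["ns"] - parent["ns"]:
        findings.append(("NS_ONLY_IN_CHILD", name))
    # In-zone NS names must have an address record in the zone's own data.
    for name in child["ns"]:
        if name.endswith(suffix) and not child["a"].get(name):
            findings.append(("NS_WITHOUT_A", name))
    # Glue at the parent must agree with the address the zone itself publishes.
    for name, glue in parent["glue"].items():
        auth = child["a"].get(name)
        if auth and auth != glue:
            detail = f"{name} glue={sorted(glue)} child={sorted(auth)}"
            findings.append(("GLUE_MISMATCH", detail))
    return sorted(findings)


if __name__ == "__main__":
    for code, detail in audit_delegation("exampledomain.tld.", PARENT, CHILD):
        print(f"{code:18} {detail}")
```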
