[dns-operations] Should medium-sized companies run their own recursive resolver?
rubensk at nic.br
Mon Oct 14 17:28:59 UTC 2013
Em 14/10/2013, às 13:08:000, Paul Hoffman escreveu:
> A fictitious 100-person company has an IT staff of 2 who have average IT talents. They run some local servers, and they have adequate connectivity for the company's offices through an average large ISP.
> Should that company run its own recursive resolver for its employees, or should it continue to rely on its ISP?
Every answer to this question will be qualified with IMHO I guess, but IMHO the company should run a single recursive server and offer both its own server and another server of its choosing to its users. Most platforms these days will take two servers and ask both of them for that information, so agility can be achieved by a fast internal recursive server, and if that server goes down, the slower external server will still be answering requests.
The choice of external server may prove somewhat tricky; they might want to restrict to servers that perform DNSSEC validation like 184.108.40.206 if their own server is doing validation.
https://code.google.com/p/namebench/ is a very straightforward tool to evaluate recursive DNS choices, and I'm not afraid to recommend it to average or below average IT personnel. If one of the committers in this project is reading this, my only feature request would be to also test for DNSSEC (https://code.google.com/p/namebench/issues/detail?id=124).
More information about the dns-operations