[dns-operations] Should medium-sized companies run their own recursive resolver?

Wiley, Glen gwiley at verisign.com
Mon Oct 14 18:09:16 UTC 2013


While the concern about the link to the outside world is an issue, the
same concern holds for whatever provides your connectivity.  As a matter
of practice, when designing for availability you want to focus on the
least reliable layers in a stack before focusing on other layers,
otherwise your availability improvements are potentially nil.

If you can run a more reliable recursive server than your provider (or
Google or whoever), then by all means; however, there are probably more
meaningful places to spend your resources if you have a small company.

On the other hand, if there is a functional reason for running your own
recursive server, that is entirely different: for example, filtering via
DNS, split-view zones, etc.
-- 
Glen Wiley
KK4SFV

Sr. Engineer
The Hive, Verisign, Inc.




On 10/14/13 1:48 PM, "Carlos M. Martinez" <carlosm3011 at gmail.com> wrote:

>The problem that I see is that if you don't run your local DNS, then if
>your link with the outside world goes down, you're essentially toasted
>even for your own, locally hosted, services.
>
>This may not be a concern if you live in the more developed parts of the
>world, but down south here, trust me, it is.
>
>Granted, you can teach your users to access your printers and local file
>servers by IP, but that hardly seems a sane approach in the long run.
>
>Here in the true 'deep south', people run 30-40 people SOHOs behind
>dynamic-IP ADSL lines, which change addresses every 12 hours. Some of
>them even do clever tricks to load-balance cheap DSL lines.
>
>So, yes, I think running your own DNS is something important to do, not
>only for recursion but for resolving local resources as well.
>
>Cheers!
>
>~Carlos
>
>On 10/14/13 3:41 PM, Richard Lamb wrote:
>> If Google concerns are irrelevant I'd say just use 8.8.8.8 (like many
>>corps already do).  Safety in numbers, deep pockets and lawyers ;-)
>> 
>> Sent from my iPhone
>> 
>> On Oct 14, 2013, at 9:09, "Paul Hoffman" <paul.hoffman at vpnc.org> wrote:
>> 
>>> A fictitious 100-person company has an IT staff of 2 who have average
>>>IT talents. They run some local servers, and they have adequate
>>>connectivity for the company's offices through an average large ISP.
>>>
>>> Should that company run its own recursive resolver for its employees,
>>>or should it continue to rely on its ISP?
>>>
>>> --Paul Hoffman
>>> _______________________________________________
>>> dns-operations mailing list
>>> dns-operations at lists.dns-oarc.net
>>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>>> dns-jobs mailing list
>>> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs