[dns-operations] Should medium-sized companies run their own recursive resolver?
Doug Barton
dougb at dougbarton.us
Mon Oct 14 18:46:05 UTC 2013
On 10/14/2013 11:03 AM, Warren Kumari wrote:
>
> On Oct 14, 2013, at 7:08 PM, Paul Hoffman <paul.hoffman at vpnc.org> wrote:
>
>> A fictitious 100-person company has an IT staff of 2 who have average IT talents. They run some local servers, and they have adequate connectivity for the company's offices through an average large ISP.
>>
>> Should that company run its own recursive resolver for its employees, or should it continue to rely on its ISP?
>
> Depends. Seeing as you said "average IT talents" I'm saying "No". These days "average IT talents" for a 100-person company probably means "sorta kinda knows how to make Windows not fall over and also do some Exchange stuff".
>
> My wife does some consulting for a number of companies of this sort of size (and I give her a hand every now and then), and unless the IT folk are actively interested (and most are not) I think running recursive is simply a mistake for them.
> And auth doubly so….
My experience is the same as Warren's, and thus my answer is the same as
well. In theory I agree with Paul about what they *should* do, but in
practice (IME) the skills are not there, and they would end up doing
more harm than good to themselves, and likely the net in general.
We of the DNS literati tend to forget just how difficult this stuff
really is, and how hard it is for companies to prioritize spending money
on things that usually "just work." I can't count the number of times I
got "emergency" calls when I was consulting about how some enterprise
needed my help right away because "the Internet is down" ... only to get
a call 30 minutes later letting me know I wasn't needed because someone
accidentally rebooted the right thing and now "the Internet" is working
again. They don't care, and they don't *want* to care. They just want it
to work.
Doug
PS, 2 IT folk for a 100 person company is extraordinarily generous.
More information about the dns-operations
mailing list