[dns-operations] Should medium-sized companies run their own recursive resolver?
Simon Lyall
simon at darkmere.gen.nz
Tue Oct 15 00:48:49 UTC 2013
On Mon, 14 Oct 2013, Doug Barton wrote:
> We of the DNS literati tend to forget just how difficult this stuff really
> is, and how hard it is for companies to prioritize spending money on things
> that usually "just work."
I'm a little concerned at the answers here. Surely a recursive resolver is
one of the simplest services in the world to configure? You basically
enable it, make sure recursion is on[1] and update DHCP or whatever to use
it. Add another server for luck and put a "Turning this off breaks
Internet" sticker on it if you want it robust.
I'm not entirely sold on using Google DNS or OpenDNS. In my case there
are/were several thousand km and and few counties away so didn't produce
the best performance, they also introduce a dependence on upstream
services several hops away.
[1] If it is inside the firewall ignore the ACLs, Also ignore the logs
cause nobody will read them anyway. That leaves about a 6 line bind
config.
--
Simon Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
More information about the dns-operations
mailing list