[dns-operations] Should medium-sized companies run their own recursive resolver?

Simon Lyall simon at darkmere.gen.nz
Tue Oct 15 00:48:49 UTC 2013

On Mon, 14 Oct 2013, Doug Barton wrote:
> We of the DNS literati tend to forget just how difficult this stuff really 
> is, and how hard it is for companies to prioritize spending money on things 
> that usually "just work."

I'm a little concerned at the answers here. Surely a recursive resolver is 
one of the simplest services in the world to configure? You basically 
enable it, make sure recursion is on[1] and update DHCP or whatever to use 
it. Add another server for luck and put a "Turning this off breaks 
Internet" sticker on it if you want it robust.

I'm not entirely sold on using Google DNS or OpenDNS. In my case there 
are/were several thousand km and and few counties away so didn't produce 
the best performance, they also introduce a dependence on upstream 
services several hops away.

[1] If it is inside the firewall ignore the ACLs, Also ignore the logs 
cause nobody will read them anyway. That leaves about a 6 line bind 

Simon Lyall  |  Very Busy  |  Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.

More information about the dns-operations mailing list