[dns-operations] Should medium-sized companies run their own recursive resolver?
daniel at digsys.bg
Wed Oct 16 10:04:38 UTC 2013
On 14.10.13 19:08, Paul Hoffman wrote:
> A fictitious 100-person company has an IT staff of 2 who have average IT talents. They run some local servers, and they have adequate connectivity for the company's offices through an average large ISP.
> Should that company run its own recursive resolver for its employees, or should it continue to rely on its ISP?
As always, it depends.
Ideally everyone should run an validating caching resolver, preferably
on each device. Considering we are far from this reality...
- if they intend to run the resolver on any kind of Windows, forget it.
For many reasons. But let's say we have see enough resolver modifying
- if their ISP is competent enough, which .. sadly few are, then using
the ISP servers is an option. Especially if the company in questions
does not have good resources to host/maintain "servers".
- public resolvers, such as Google or OpenDNS are an option too,
although --- do we want to encourage the entire Internet to depend on a
single point of failure (even if we ignore all other google considerations);
- recursive resolvers do not need much resources. I am actually curious
why there is not large market for appliances of this kind. Perhaps
because due to the low resource requirements, these are often installed
in shared environments. An managed on-premises DNS resolver/cache
appliance is the best option.
By the way, these days "average IT people" are crazy about
virtualization "in the cloud". Running "your own" DNS resolver in the
cloud makes little to no sense.
More information about the dns-operations