[dns-operations] Should medium-sized companies run their own recursive resolver?
Mike Hoskins (michoski)
michoski at cisco.com
Wed Oct 16 14:58:38 UTC 2013
From: Jared Mauch <jared at puck.nether.net>
Date: Wednesday, October 16, 2013 3:59 AM
To: Vernon Schryver <vjs at rhyolite.com>
Cc: "dns-operations at mail.dns-oarc.net" <dns-operations at mail.dns-oarc.net>
Subject: Re: [dns-operations] Should medium-sized companies run their
own recursive resolver?
>On Oct 15, 2013, at 7:28 PM, Vernon Schryver <vjs at rhyolite.com> wrote:
>>> Folks like Comcast have large validating resolvers. Their customers
>>>should use them. Folks here are surely going to do the right thing the
>>>majority of the time. The vast majority of others are going to set
>>>things up once and it *will* be left to rot. This isn't intentional,
>>>but it naturally happens.
>> The question had nothing to do about J. Sixpack with 37 televisions,
>> phones, and other devices behind a NAT router owned by and remotely
>> maintained by Comcast. Instead the question concerned a business with
>> 2 IT professionals. Relying on distant DNS servers is negligent and
>> grossly incompetent for a professionally run network.
>As with many things we will have to disagree.
>Not everyone has the same skill set as those on this list, and that curve
>goes down rather quickly.
I get your point, but also disagree with the subset of folks who maintain
DNS is so hard... Really? You can install, configure and keep an AD
forest running -- including keeping the intranet free of the latest trojan
scum the C*O's and sales staff bring in from the local coffee shop -- but
you can't install BIND?
The first decision for a mid-sized company (the subject doesn't say small)
is to invest something in at least one IT person. Once you have that, I
assume that person can read. When I first started working at small ISPs,
I didn't know much...but I read and learned. Today that is easier than
ever! If you can run yum/apt/whatever and Google "bind template" you're
The remaining 10% can be easily had from most any of the available DNS
books, and all of that 10% won't be needed by most of the mid-sized
businesses. So with minimal competency (e.g. book learning lacking real
experience) you can do better than the 80/20 generally required by IT
So I guess it's more about "lazy" vs "hard" -- or interview practices more
than DNS. Google also makes conducting a good IT interview easier than
More information about the dns-operations