[dns-operations] Should medium-sized companies run their own recursive resolver?

Mike Hoskins (michoski) michoski at cisco.com
Wed Oct 16 14:58:38 UTC 2013

-----Original Message-----

From: Jared Mauch <jared at puck.nether.net>
Date: Wednesday, October 16, 2013 3:59 AM
To: Vernon Schryver <vjs at rhyolite.com>
Cc: "dns-operations at mail.dns-oarc.net" <dns-operations at mail.dns-oarc.net>
Subject: Re: [dns-operations] Should medium-sized companies run their own recursive resolver?

>On Oct 15, 2013, at 7:28 PM, Vernon Schryver <vjs at rhyolite.com> wrote:
>>> Folks like Comcast have large validating resolvers.  Their customers
>>> should use them.  Folks here are surely going to do the right thing the
>>> majority of the time.  The vast majority of others are going to set
>>> things up once and it *will* be left to rot.  This isn't intentional,
>>> but it naturally happens.
>> The question had nothing to do about J. Sixpack with 37 televisions,
>> phones, and other devices behind a NAT router owned by and remotely
>> maintained by Comcast.  Instead the question concerned a business with
>> 2 IT professionals.  Relying on distant DNS servers is negligent and
>> grossly incompetent for a professionally run network.
>As with many things we will have to disagree.
>Not everyone has the same skill set as those on this list, and that curve
>goes down rather quickly.

I get your point, but also disagree with the subset of folks who maintain
DNS is so hard...  Really?  You can install, configure and keep an AD
forest running -- including keeping the intranet free of the latest trojan
scum the C*O's and sales staff bring in from the local coffee shop -- but
you can't install BIND?

The first decision for a mid-sized company (the subject doesn't say small)
is to invest something in at least one IT person.  Once you have that, I
assume that person can read.  When I first started working at small ISPs,
I didn't know much...but I read and learned.  Today that is easier than
ever!  If you can run yum/apt/whatever and Google "bind template" you're
90% there.

The remaining 10% can be easily had from most any of the available DNS
books, and all of that 10% won't be needed by most of the mid-sized
businesses.  So with minimal competency (e.g. book learning lacking real
experience) you can do better than the 80/20 generally required by IT.

So I guess it's more about "lazy" vs "hard" -- or interview practices more
than DNS.  Google also makes conducting a good IT interview easier than
ever.  ;-)
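As an added illustration of what the "bind template" mentioned above needs to contain to be safe, the following named.conf is an example written for this page, not configuration posted by the author or taken from the BIND project. It assumes BIND 9.x, a config file at /etc/named.conf, a working directory of /var/named, and that the internal networks are 10.0.0.0/8 and 192.168.0.0/16 with the resolver listening on 10.0.0.53; all of those addresses are placeholders to be replaced. The two security-relevant settings are the ACL that keeps recursion (and the cache) closed to outsiders, so the box cannot become an open resolver abused for amplification, and DNSSEC validation, which is the property the thread credits the large ISP resolvers with.

```conf
// Closed, validating recursive resolver for an internal network.
// Example configuration for illustration; adjust addresses and paths.

// Assumed internal address space (placeholders).
acl "internal" {
    localhost;
    localnets;
    10.0.0.0/8;
    192.168.0.0/16;
};

options {
    directory "/var/named";

    // Bind only to loopback and the assumed internal address, never to a public interface.
    listen-on port 53 { 127.0.0.1; 10.0.0.53; };
    listen-on-v6 { ::1; };

    // Recursion is on, but only for the internal ACL. A bare "allow-recursion { any; }"
    // (or omitting these lines on older defaults) is what produces an open resolver.
    recursion yes;
    allow-query { internal; };
    allow-recursion { internal; };
    allow-query-cache { internal; };   // outsiders must not be able to read the cache either

    // Validate DNSSEC using the built-in root trust anchor (managed keys, RFC 5011 rollover).
    dnssec-validation auto;

    // Minor hygiene: do not advertise the version string, keep responses small.
    version "not disclosed";
    minimal-responses yes;
};

logging {
    // Log validation failures so a broken trust anchor or a forged answer is visible.
    channel dnssec_log {
        file "/var/log/named/dnssec.log" versions 3 size 5m;
        severity info;
        print-time yes;
    };
    category dnssec { dnssec_log; };
};

// Root hints; optional on recent BIND releases that compile them in.
zone "." IN {
    type hint;
    file "named.ca";
};
```

Check it with `named-checkconf /etc/named.conf` before starting the daemon. Two tests with dig confirm the two properties: from an internal host, `dig @10.0.0.53 example.com +dnssec` should return the AD flag on a signed name, showing validation is happening; from an address outside the ACL the same query should come back REFUSED rather than answered, which is what the allow-query and allow-recursion lines buy you.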
