[dns-operations] Should medium-sized companies run their own recursive resolver?

Jared Mauch jared at puck.nether.net
Wed Oct 16 21:12:17 UTC 2013


Comcast doesn't give me broken name servers to use, there is no cognitive dissonance here :-)

You are a DNS expert. Most end users when DNS fails think everything has failed, including the network.

I type URLs into my browser. Do you know how many people type google into the google search box? Or the yahoo box?

You seem disconnected from the average user and average user tech support.

Even small networks (I have a friend with a ~100 user WISP) shouldn't run their own caches. The economics of it don't support this.

- Jared 

> On Oct 16, 2013, at 10:37 AM, Vernon Schryver <vjs at rhyolite.com> wrote:
> 
> ] Folks like Comcast have large validating resolvers.  Their customers
> ] should use them.
> 
> despite https://www.google.com/search?q=COMCAST+dns+hijacking
> 
> If you check the pages found by that URL, you'll see
>  - older reports that Comcast was phasing out DNS hijacking
>  - more recent reports of redirection or hijacking of 58/UDP
>     packets--not just falsified results from those big Comcast DNS
>     servers but packet hijacking
>  - far more complication, confusion, and mystification than is
>     realistic to expect a two person IT department to resolve.


