[dns-operations] Should medium-sized companies run their own recursive resolver?

Jared Mauch jared at puck.nether.net
Wed Oct 16 21:14:50 UTC 2013

Understanding how this works is not networking or DNS 101. Limiting the scope with TTL isn't that easy.

Can you point someone at docs for how to do that in a point and click fashion?

> On Oct 16, 2013, at 11:03 AM, Vernon Schryver <vjs at rhyolite.com> wrote:
> There is a trivial and easy way to keep a recursive DNS server intended
> for an organization with a 2 person IT departement from being open to
> the entire Internet.  Set the IP TTL on responses both TCP and UDP to
> a small number such as 3 or 5.

More information about the dns-operations mailing list