[dns-operations] Should medium-sized companies run their own recursive resolver?

James Cloos cloos at jhcloos.com
Wed Oct 16 21:29:10 UTC 2013

>>>>> "PF" == Paul Ferguson <fergdawgster at mykolab.com> writes:

JC>> *Every*  site should run its own (preferably verifying) resolver.

PF> I have no problem with that as long as they are not open resolvers

Of course.

Most such devices will be behind a NAT router anyway.  At least for now.

And I expect that when v6 is the norm, most sites will run decent
firewalls on the routers -- they'll be used to the idea from the
current need for NAT routing -- with incoming port 53 blocked.
Or routed to an authoritative-only dns box.

It would help if there were small, affordable boxen available which less
technical sites can plop on their lan to do a basic task like dns.

Perhaps a run-from-ram box with a line of write-locked SD cards each
with a mostly-preconfigured single-purpose distribution.

James Cloos <cloos at jhcloos.com>         OpenPGP: 1024D/ED7DAEA6

More information about the dns-operations mailing list