[dns-operations] Should medium-sized companies run their own recursive resolver?
cloos at jhcloos.com
Wed Oct 16 21:29:10 UTC 2013
>>>>> "PF" == Paul Ferguson <fergdawgster at mykolab.com> writes:

JC>> *Every* site should run its own (preferably verifying) resolver.

PF> I have no problem with that as long as they are not open resolvers

Most such devices will be behind a NAT router anyway. At least for now.

And I expect that when v6 is the norm, most sites will run decent
firewalls on the routers -- they'll be used to the idea from the
current need for NAT routing -- with incoming port 53 blocked.

Or routed to an authoritative-only dns box.

It would help if there were small, affordable boxen available which less
technical sites can plop on their lan to do a basic task like dns.

Perhaps a run-from-ram box with a line of write-locked SD cards each
with a mostly-preconfigured single-purpose distribution.

James Cloos <cloos at jhcloos.com> OpenPGP: 1024D/ED7DAEA6