[dns-operations] Should medium-sized companies run their own recursive resolver?
paul at redbarn.org
Fri Oct 18 01:00:38 UTC 2013
Fred Morris wrote:
> On Thu, 17 Oct 2013, Jared Mauch wrote:
>> Most of these "advanced" DNS things like RRL, RPZ and others aren't for
>> the faint of heart. Most people don't watch/monitor logs like those here.

if we had spent the man hours which have been used up by this thread,
collaborating to build an ISO image in kvm, vmware, and xen formats,
that did nothing but boot up and offer recursive dns to the local LAN,
with auto-update of dnssec keys, default limits for rate limiting, and a
subscription to an RPZ that was hosted say by DNS-OARC, then we'd be
done by now. it could have a slightly custom kernel that allowed the
server to specify IP.TTL=3 in sendmsg().

that is, we could be done by now, shipping it, arguing about how to
document it and support it and publicize its existence. we could be
making the rounds of our respective friends and families to find all the
openwrt forks and get each of them to offer identical functionality.
somebody could write a BCP about it.

done by now. out the door. boat in water.

instead, we argue about whether it ought to be done.
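
The per-message IP TTL mentioned in the post, as an added example that is not part of the original message or of any resolver's code: a UDP send that attaches the TTL as `sendmsg()` ancillary data, so a reply cannot travel more than a few router hops from the server. It assumes a Linux kernel that accepts `IP_TTL` as a control message; `send_with_ttl`, `loopback_ttl_seen` and `ttl_ctl` are hypothetical names, and the loopback datagram is constructed test traffic.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Added example (assumes Linux). Control buffer for one int-sized cmsg,
 * aligned for struct cmsghdr. */
typedef union { struct cmsghdr h; char b[CMSG_SPACE(sizeof(int))]; } ttl_ctl;

/* Send one UDP datagram whose IP header carries `ttl` (valid range 1..255). */
ssize_t send_with_ttl(int fd, const void *buf, size_t len,
                      const struct sockaddr_in *dst, int ttl)
{
    ttl_ctl ctl;
    struct iovec iov = { (void *)buf, len };
    struct msghdr m = { .msg_name = (void *)dst, .msg_namelen = sizeof *dst,
                        .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = ctl.b, .msg_controllen = sizeof ctl.b };
    memset(&ctl, 0, sizeof ctl);
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = IPPROTO_IP;  c->cmsg_type = IP_TTL;
    c->cmsg_len = CMSG_LEN(sizeof ttl);
    memcpy(CMSG_DATA(c), &ttl, sizeof ttl);
    return sendmsg(fd, &m, 0);
}

/* Constructed loopback check: send to ourselves, return the TTL the receiver
 * saw (loopback does not decrement it), or -1 on any error. */
int loopback_ttl_seen(int ttl)
{
    int on = 1, seen = -1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t alen = sizeof a;
    char buf[16];  ttl_ctl ctl;
    struct iovec iov = { buf, sizeof buf };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = ctl.b, .msg_controllen = sizeof ctl.b };
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&a, sizeof a) == 0 &&
        getsockname(fd, (struct sockaddr *)&a, &alen) == 0 &&
        setsockopt(fd, IPPROTO_IP, IP_RECVTTL, &on, sizeof on) == 0 &&
        send_with_ttl(fd, "x", 1, &a, ttl) == 1 && recvmsg(fd, &m, 0) == 1)
        for (struct cmsghdr *c = CMSG_FIRSTHDR(&m); c; c = CMSG_NXTHDR(&m, c))
            if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_TTL)
                memcpy(&seen, CMSG_DATA(c), sizeof seen);
    close(fd);
    return seen;
}
int main(void) { return loopback_ttl_seen(3) == 3 ? 0 : 1; }
```

Because the TTL rides on each message, other traffic sent from the same socket keeps the system default TTL.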