[dns-operations] resolvers considered harmful

Paul Vixie paul at redbarn.org
Thu Oct 23 17:36:37 UTC 2014

i encourage anyone who thinks full resolvers can run inside end hosts
which currently run stub resolvers, to try it.

BIND9 runs fine on windows and macos laptops. so, without even touching
the real growth area of the edge (which is mobile devices like smart
phones), you can get a sense of how rarely you'll be able to perform dns
lookups, if you just switch to as your name server (override
this in your dhcp settings) and run a recursive dns server there.

until you have done this and have results to report, you'd be wise not
to make any claims about this possibility.

(i've done this for over a decade, but, i always have a VPN open, which
can use TCP/80 as a backup carriage path, and the VPN is absolutely
necessary in my experience, and, that is a rather high bar for making
localhost do dns recursion and iteration at scale.)


More information about the dns-operations mailing list