On 14.10.13 19:08, Paul Hoffman wrote:

A fictitious 100-person company has an IT staff of 2 who have average IT
talents. They run some local servers, and they have adequate connectivity for
the company's offices through an average large ISP.
Should that company run its own recursive resolver for its employees, or should
it continue to rely on its ISP?

As always, it depends.
Ideally everyone should run a validating caching resolver, preferably
on each device. Considering we are far from this reality...
- if they intend to run the resolver on any kind of Windows, forget it.
For many reasons. But let's say we have seen enough resolver-modifying
malware.
- if their ISP is competent enough, which, sadly, few are, then using
the ISP servers is an option. Especially if the company in question
does not have good resources to host/maintain "servers".
- public resolvers, such as Google or OpenDNS are an option too,
although --- do we want to encourage the entire Internet to depend on a
single point of failure (even if we ignore all other Google considerations)?
- recursive resolvers do not need many resources. I am actually curious
why there is not a large market for appliances of this kind. Perhaps
because due to the low resource requirements, these are often installed
in shared environments. A managed on-premises DNS resolver/cache
appliance is the best option.
By the way, these days "average IT people" are crazy about
virtualization "in the cloud". Running "your own" DNS resolver in the
cloud makes little to no sense.
Daniel