Hi Nathan,

Just thinking out loud:

> There is only about 1000 endpoints of various types, from residential to business.

Having worked with Unbound and dnsmasq, I would say the proverb "right tool for the right job" applies. I would guess not all 1000 endpoints are on one subnet, maybe half-dozen, correct? If you had dnsmasq running an instance for each subnet, then that might be a bit more reasonable.

If you want just one VM and one server, then I might suggest Unbound. It's as easy to configure, and you can just recurse the global Internet instead of forward (or forward or both or whatever). If you don't DHCP-DNS in one, then Unbound is going to work for you.

> It only came about because I noticed the quantity of traffic to other resolvers was a lot more than I expected and I guessed caching would improve the experience for the end users.

That depends on a lot of things. Statistics would need to be collected to be sure. Compare common cache queries that expire versus unique queries. If your cache pushes "google.com" out, then that may be a problem. If it's all the click bait on news sites creating unique DNS lookups to a rotating army of ad-sites, then there isn't much to do.

> The only things I use are setting minimum cache ttl to 30 mins...

That is pushing the edge for certain cases. Server rotation may make some clients' connectivity go dead for that 30 mins. Small business customers with small business web-site/email providers can suffer worse when small business server farm providers make things "difficult."

Hope it helps.

-Eric
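The comparison suggested in the message above (repeat lookups that fall out of the cache versus one-off names) can be measured from dnsmasq's query log. The following is an added example, not part of the original message: it assumes `log-queries` is enabled, the log excerpt is constructed, and `cache_stats` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the format dnsmasq writes with log-queries enabled.
# Names and addresses are documentation placeholders, not real traffic.
SAMPLE_LOG = """\
Mar  3 10:00:01 dnsmasq[812]: query[A] www.example.com from 192.0.2.15
Mar  3 10:00:01 dnsmasq[812]: forwarded www.example.com to 198.51.100.53
Mar  3 10:00:01 dnsmasq[812]: reply www.example.com is 203.0.113.10
Mar  3 10:00:05 dnsmasq[812]: query[A] www.example.com from 192.0.2.20
Mar  3 10:00:05 dnsmasq[812]: cached www.example.com is 203.0.113.10
Mar  3 10:00:07 dnsmasq[812]: query[A] ad-7f3a.example.net from 192.0.2.15
Mar  3 10:00:07 dnsmasq[812]: forwarded ad-7f3a.example.net to 198.51.100.53
Mar  3 10:00:09 dnsmasq[812]: query[A] ad-91c2.example.net from 192.0.2.20
Mar  3 10:00:09 dnsmasq[812]: forwarded ad-91c2.example.net to 198.51.100.53
Mar  3 10:45:00 dnsmasq[812]: query[A] www.example.com from 192.0.2.15
Mar  3 10:45:00 dnsmasq[812]: forwarded www.example.com to 198.51.100.53
"""

# Only the line types needed to classify a lookup as cache hit or miss.
LINE = re.compile(r"dnsmasq\[\d+\]: (query\[\w+\]|forwarded|cached) (\S+) ")

def cache_stats(log_text):
    """Classify each query as hit or miss and split names into one-off vs refetched."""
    pending = Counter()                       # queries not yet classified, per name
    asked, hits, misses = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        kind, name = m.group(1), m.group(2).lower()
        if kind.startswith("query"):
            asked[name] += 1
            pending[name] += 1
        elif pending[name] > 0:
            # First cached/forwarded line after a query decides it; extra lines
            # (several records, several upstreams) are ignored.
            pending[name] -= 1
            (hits if kind == "cached" else misses)[name] += 1
    total = sum(asked.values())
    return {
        "queries": total,
        "hit_ratio": sum(hits.values()) / total if total else 0.0,
        "one_off_names": sorted(n for n, c in asked.items() if c == 1),
        "refetched_names": sorted(n for n, c in misses.items() if c > 1),
    }

if __name__ == "__main__":
    print(cache_stats(SAMPLE_LOG))
```

A long `one_off_names` list means caching has little to gain; a long `refetched_names` list means popular names are expiring or being evicted between lookups.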