>Operating a DNS server is so easy, and latency is such a tiny bit of
>overhead, with proper caching, would someone explain why they would use
>(share) a 3rd party DNS server at all?

Speak for yourself, friend. You want me to build 400+ small DNS resolvers and manage them world-wide? Forget the cost of the hardware; now I have to deal with the software, updates, security, long-term management? And this in an organization that is desperately trying to go "server-less" in the offices to cut costs and overhead?
Or are you thinking that I'm going to spin up some massive DNS infrastructure in a data center and ... do a better job than Google? Than Quad-1, Quad-9, CloudFlare, or basically anyone? I'm going to have lower latency and more data centers and higher availability than those guys? How much money do you want me to spend on this, compared with what it costs to use the open resolvers, which is, um, roughly zero (not completely zero, but roughly zero)? And, by the way, you'd have to justify that money to Elon Musk, so prepare your argument carefully.
I've got a free caching resolver in my edge firewall, but it needs some upstream resolvers to query. I can't make a good argument for anything other than open resolvers. The question for me is WHICH open resolvers.
Remember, we're off-topic here: this is the mailop list, but we're talking about a resolver failure, which is an end-user computing question. Yeah, if I had a mail server, for sure it'd be talking to a DNS resolver that I own and control. 100% agreement with you on that. Running a DNS resolver is a lot simpler than running a mail service for sure.
But I'm talking about end-user computing in more than 100 countries (none of them the kind where you get gigabit fiber for $19.99/month). Also I guarantee that latency is important in this environment.
To give the right perspective: The experience we have is not that MANY providers are blocking queries to open resolvers, but that SOME providers/countries are and that, as far as I can tell, those same providers UNIVERSALLY allow 8.8.8.8. Today, for 414 sites there are, roughly, 800 ISPs involved, as we try to have 2 links per site at least, and the number of sites where this problem hasn't been solved is 6 right now. So I'm not interpreting "1% or so" as many.
jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One
Phone: +1 520 324 0494
[email protected]
http://www.opus1.com/jms
