On Thu, 24 Oct 2013, Constantine A. Murenin wrote: > BTW, if you start adding DNS servers in far away places around the > world, and with bad connectivity from your target audience, then the > time it takes to resolve your domain for your target audience will > suffer overall, not improve. > > Yes, these ideas are basically exactly the opposite of what the > marketing would lead you to believe.
That said, there are several reasons why handing off the authoritative DNS tasks to an outside source might be worthwhile as long as one still ran a recursive server locally for ones own users. These reasons would include doing DNSSEC as well as dealing with amplification attacks using your pubilc DNS server. My preference is to run a local recursive DNS server on every OpenBSD machine. Just make sure they aren't open. Eric
