Matthias Leisi wrote:

jdow wrote:

| (And if you're running an "'ix" operating system - why aren't you running a
| DNS server. That's one of the first "hairy chested 'ix things" I ever

Since operating a sizeable DNS infrastructure, I came to prefer
people using a shared/common/ISP-provided nameserver.


you can still use a local caching DNS (like a proxy). while this adds a piece of software, it also brings some valuable advantages.

Since many mailservers will query the same DNS-related information (e.g.
DNSxL lookups on widely-used mailservers like e.g. from Yahoo, or from the
same botnets), traffic savings through caching are _considerable_.


If you're happy with that, we're happy for you :)

if you have a reliable DNS service, it's good for you. but if you are not sure it is protected enough (if it gets poisoned, you are poisoned too. and it gets easier to DDoS the whole network, ...). and there are other problems, as this thread shows.

BTW, do we have numbers on how many ISPs did update their BIND implementations (or have "safe" workarounds) after the recent bug disclosure?

