BIND or Unbound are free other than your time to install them, and pretty much any x86 box you can scrounge up will have enough horsepower, so again free other than the power to run it. You should probably have an authoritative DNS server in addition to resolvers. And it never hurts to have a couple *nix boxes on your network for miscellaneous testing and troubleshooting.
If you can’t afford a couple standalone DNS servers or don’t have a suitable NOC environment to locate them, I’d consider maybe something like OpenDNS. I would also throw out that many DDoS attacks involve DNS, so I think I’d want my router to be acting as a router and firewall, and some separate server can be the target of some amplification or IoT-based DNS attack. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Reynolds Sent: Wednesday, October 26, 2016 10:02 AM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik DNS Cache I'm running two ad/malware/ransomware blocking, recursive, caching dns servers right now: one in Chicago and one in Dallas. My local one caches results from those. ... And this is for my house :P On Oct 26, 2016 9:45 AM, "Dennis Burgess" <dmburg...@linktechs.net <mailto:dmburg...@linktechs.net> > wrote: Does it work, yes it is the same as a high performance DNS server, no. Is a dedicated DNS resolvers expensive, no. Getting starting say under 100-150 users, ok, for a while, once you go over that, really need to move to dedicated resolvers. Dennis Burgess – Network Solution Engineer – Consultant MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE For Wireless Hardware/Routers visit www.linktechs.net <http://www.linktechs.net> Radio Frequiency Coverages: www.towercoverage.com <http://www.towercoverage.com> Office: 314-735-0270 <tel:314-735-0270> E-Mail: dmburg...@linktechs.net <mailto:dmburg...@linktechs.net> -----Original Message----- From: Af [mailto:af-boun...@afmug.com <mailto:af-boun...@afmug.com> ] On Behalf Of Matt Sent: Wednesday, October 26, 2016 8:54 AM To: af@afmug.com <mailto:af@afmug.com> Subject: [AFMUG] Mikrotik DNS Cache Is anyone using the Mikrotik DNS cache as there primary DNS resolver for there clients? Say use a CCR and your largest upstreams DNS server as parent. Should there be any issues with that?