We have run bind authoritative since I got here. They were both virtual appliances when I took over, an Ubuntu variant that was no longer supported, so I moved them to centos with webmin for gui management. We added on net recursive last year, centos with webmin, all our Linux is webmin, clustered so all the Linux infrastructure is centrally managed. Still bind 9, but solid. It's made a huge difference for reverse lookups on our rfc1918 space to verify what our ospf is doing. A simple set of acls isolates out dns from the world, some policies protect us from on net bot net or otherwise malicious dns traffic that would compromise our servers. It does make a huge difference being on net recursive cached. Overall dns traffic actually decreased. And considering the huge hassles we had handing out opendns that forced us to move to Google dns as primary, it's like jesus became erect and spat joy across us. Turns out to be a whole lot less complicated than expected, and super easy to add redundancies.
On Apr 5, 2017 7:47 PM, "Paul Stewart" <p...@paulstewart.org> wrote: > Very correct…. run across this often on a mid/large scale where CDN > traffic getting served from a different country in a lot of cases because > folks are using public DNS servers vs directly on-net > > > On Mar 30, 2017, at 12:10 PM, Mike Hammett <af...@ics-il.net> wrote: > > Until they throttle your DNS traffic... or worse. > > Also, having off-net DNS resolvers means you're potentially not being > served by the best CDN nodes for your network. That makes the performance > of much of the Internet shit. > > > > ----- > Mike Hammett > Intelligent Computing Solutions <http://www.ics-il.com/> > <https://www.facebook.com/ICSIL> > <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> > <https://www.linkedin.com/company/intelligent-computing-solutions> > <https://twitter.com/ICSIL> > Midwest Internet Exchange <http://www.midwest-ix.com/> > <https://www.facebook.com/mdwestix> > <https://www.linkedin.com/company/midwest-internet-exchange> > <https://twitter.com/mdwestix> > The Brothers WISP <http://www.thebrotherswisp.com/> > <https://www.facebook.com/thebrotherswisp> > > > <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> > ------------------------------ > *From: *"Jon Langeler" <jon-ispli...@michwave.net> > *To: *af@afmug.com > *Sent: *Thursday, March 30, 2017 11:04:46 AM > *Subject: *Re: [AFMUG] anybody else having issues with google dns? > > On the flip side. It's tough to beat the reliability of a DNS server > managed by a mega billion $$ company with specialized IT guys babysitting > everything. > > Jon Langeler > Michwave Technologies, Inc. > > > > On Mar 30, 2017, at 11:31 AM, Dennis Burgess <dmburg...@linktechs.net> > wrote: > > > > Why you should have your own DNS servers :) > > > > > > Dennis Burgess – Network Solution Engineer – Consultant > > MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, > MTCINE > > > > For Wireless Hardware/Routers visit www.linktechs.net > > Radio Frequency Coverages: www.towercoverage.com > > Office: 314-735-0270 <(314)%20735-0270> > > E-Mail: dmburg...@linktechs.net > > > > > > -----Original Message----- > > From: Af [mailto:af-boun...@afmug.com <af-boun...@afmug.com>] On Behalf > Of Tim Reichhart > > Sent: Thursday, March 30, 2017 10:19 AM > > To: af@afmug.com > > Subject: [AFMUG] anybody else having issues with google dns? > > > > Is anybody else having issues with google dns? because when I ping > 8.8.8.8 I get timedout or takes forever to load google.com > > > > > > > > >
