Well said … I’m a big fan of this topic as you might tell … ;)

We run unbound for recursive caching resolvers … each POP has several of them 
and they all participate with anycast.  This way customers will get DNS lookups 
from the closest set of resolvers in the network at all times. Should there be 
an issue with those resolvers then the next closest POP will continue to answer 
customers etc.

For authoritative DNS we use PowerDNS … mainly because we like the ability to 
do direct database updates via automation tools that build things like reverse 
DNS for interfaces etc.  This system is not anycasted today but secondary is a 
3rd party doing so.  Plan is to move this to our own anycasted instance over 
the next while.

Paul

> On Apr 6, 2017, at 12:15 AM, Steve Jones <thatoneguyst...@gmail.com> wrote:
> 
> We have run BIND authoritative since I got here. They were both virtual 
> appliances when I took over, an Ubuntu variant that was no longer supported, 
> so I moved them to CentOS with Webmin for GUI management. We added on-net 
> recursive last year, CentOS with Webmin, all our Linux is Webmin, clustered 
> so all the Linux infrastructure is centrally managed. Still BIND 9, but 
> solid. 
> It's made a huge difference for reverse lookups on our RFC 1918 space to 
> verify what our OSPF is doing. A simple set of ACLs isolates our DNS from the 
> world, some policies protect us from on-net botnet or otherwise malicious 
> DNS traffic that would compromise our servers. It does make a huge difference 
> being on-net recursive cached. Overall DNS traffic actually decreased. And 
> considering the huge hassles we had handing out OpenDNS that forced us to 
> move to Google DNS as primary, it's like Jesus became erect and spat joy 
> across us. Turns out to be a whole lot less complicated than expected, and 
> super easy to add redundancies.
> 
> On Apr 5, 2017 7:47 PM, "Paul Stewart" <p...@paulstewart.org> wrote:
> Very correct…. Run across this often on a mid/large scale where CDN traffic 
> is getting served from a different country in a lot of cases because folks are 
> using public DNS servers vs. directly on-net
> 
> 
>> On Mar 30, 2017, at 12:10 PM, Mike Hammett <af...@ics-il.net> wrote:
>> 
>> Until they throttle your DNS traffic...  or worse.
>> 
>> Also, having off-net DNS resolvers means you're potentially not being served 
>> by the best CDN nodes for your network. That makes the performance of much 
>> of the Internet shit.
>> 
>> 
>> 
>> -----
>> Mike Hammett
>> Intelligent Computing Solutions <http://www.ics-il.com/>
>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>> The Brothers WISP <http://www.thebrotherswisp.com/>
>> 
>> From: "Jon Langeler" <jon-ispli...@michwave.net>
>> To: af@afmug.com
>> Sent: Thursday, March 30, 2017 11:04:46 AM
>> Subject: Re: [AFMUG] anybody else having issues with google dns?
>> 
>> On the flip side. It's tough to beat the reliability of a DNS server managed 
>> by a mega billion $$ company with specialized IT guys babysitting 
>> everything. 
>> 
>> Jon Langeler
>> Michwave Technologies, Inc.
>> 
>> 
>> > On Mar 30, 2017, at 11:31 AM, Dennis Burgess <dmburg...@linktechs.net> wrote:
>> > 
>> > Why you should have your own DNS servers :)  
>> > 
>> > 
>> > Dennis Burgess – Network Solution Engineer – Consultant 
>> > MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
>> > 
>> > For Wireless Hardware/Routers visit www.linktechs.net
>> > Radio Frequency Coverages: www.towercoverage.com
>> > Office: 314-735-0270
>> > E-Mail: dmburg...@linktechs.net
>> > 
>> > 
>> > -----Original Message-----
>> > From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tim Reichhart
>> > Sent: Thursday, March 30, 2017 10:19 AM
>> > To: af@afmug.com
>> > Subject: [AFMUG] anybody else having issues with google dns?
>> > 
>> > Is anybody else having issues with Google DNS? Because when I ping 8.8.8.8 
>> > I get timed out, or it takes forever to load google.com
>> > 
>> > 
>> > 
> 
