When an ISP 'only' had ~100Mbps of bandwidth to the greater world, they used to have to play many tricks to get efficiency from links, which takes me back to the days of WCCP (transparent proxying of web traffic) when caching actually worked as most content was static! DNS should be considered as the phone book; if it doesn't work properly then most things stop unless everyone remembers your number/IP address. Perhaps you're calling someone who listens in and then passes your 'call' on. SSL interception is a big question these days in corporate environments when it comes to proxies.
That said, this brings to light another most important topic, that being how much do you trust your provider. The same question which leads you to wonder why Google (and others) provide public DNS resolvers... Same question then extends out to certificate signing authorities and what makes SSL what it is. For those providing compute or storage services, how many of you actually encrypt your customers' virtual disks at rest? You can bet your bottom dollar that the good hyperscalers do. Anyhow, that's enough tangents for tonight :)

On Wed, Jul 05, 2017 at 07:36:19PM +1000, Jason Leschnik wrote:
> That's a really good point Evan, I didn't even think about ISPs
> manipulating DNS records in order for them to push traffic through
> peerings. Definitely a Catch-22. I'm all ears for advice. I've heard
> people swear by only using Google's DNS and those who swear that ISPs'
> DNS is the gold standard.
>
> On 5 July 2017 at 19:29, Evan Dent <e...@evandent.com> wrote:
> > It's a real tricky thing to get right. I can't give the right answer there.
> >
> > One thing to remember is that if you are not using your ISP's DNS server, you
> > may be subject to non-optimal routing. For your home situation probably not
> > an issue but on your larger connections, it could be an issue. I have seen
> > traffic going overseas rather than going to the CDNs in Aus which has
> > amounted in reduced performance and increased costs.
> >
> > It's a catch 22 issue either way you try to deal with it all.
> >
> > I too would love to hear input from others on this.
> >
> >
> > On 5 Jul. 2017 6:41 pm, "Jason Leschnik" <ja...@leschnik.me> wrote:
> >
> > What's generally the best practice for setting home resolvers? I've
> > been bitten a few times with issues from using Exetel's DNS servers.
> > Would it be better to point hosts to a local cache and have that
> > forwarding to something like Google? Or maybe Google + OpenDNS?
> >
> > Regards,
> > Jason.
_______________________________________________
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog