Operating a DNS server is so easy, and latency is such a tiny bit of overhead, with proper caching, would someone explain why they would use (share) a 3rd party DNS server at all?

oh.. grr.. this is kind of off topic to the list, but DNS lookups are critical to email infrastructure, not sure if we should continue the thread, but..

I can see from a technical perspective, that a large shared server has greater caching ability in a recursive environment, but mathematically, the performance boost seems negligible compared to all the aspects of connectivity..

And almost every very high volume mail server probably needs to perform more DNS lookups than most other services, and they seem to have no problem doing queries against their own servers.

And with many services blocking queries from open resolvers, including quad-1 and quad-8, aside from of course the arguments on how that data is used by 3rd parties, and privacy arguments..

Please enlighten me why do people want to use an open resolver?
It can't be uptime ;)

        -- Michael --

On 2021-11-22 8:39 a.m., Joel M Snyder via mailop wrote:
> We tend to run Cloudflare quad-1 rather than Google's quad-8, though
> have hit instabilities with it, too.

I've been working on a fairly large (400+ sites) global WAN project and the Quad-8 fanboi foo is VERY high worldwide.  Each site has an edge router which is responsible for DNS for the site, so the question is: what resolvers to use?  It was decided we wanted some malware filtering, so we are using both Quad-9 and the Cloudflare filtering service (not 1.1.1.1 but 1.1.1.2).

What is very interesting is that there are a number of countries and ISPs which do NOT allow general DNS outbound queries, BUT which have in place an exception for 8.8.8.8.  In other words, we have offices in countries where using a resolver other than 8.8.8.8 (or the ISP DNS servers) requires a written request to the ISP/ministry involved.

Since this is happening in a number of countries, it's hard to discern exactly why 8.8.8.8 is given the exception: perhaps they just got tired of people complaining or, as the conspiracy theorists propose, they are intercepting 8.8.8.8 and re-directing to their own in-house servers.  Or some other reason.

Anyway, a bit far from mailops, but just an interesting and fairly unexpected observation.

jms




--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop