On Thu, Aug 7, 2025, 20:45 DurgaPrasad - DatasoftComnet via NANOG < [email protected]> wrote:
> Hello all,
> Do you have any recommendations for recursive DNS servers for a medium
> sized (20-30k users) ISP.
> We have used powerdns and unbound but sometimes find the caching times a
> bit on upper side. Any suggestions between these two or anything new?
> Also need points on how much we tune the settings
> pros and cons if any.
>
> Thank you /DP
> <https://lists.nanog.org/archives/list/[email protected]/message/SUTKDISSISPWQY3YGF25FBQNN2JD5HDP/>

It's surprising that you didn't get the performance you hoped for out of PowerDNS. You already tried the suggestions in their tuning guide[0], I'm assuming? You may also want to load in entire zones to the hot cache[1].

And there's always horizontal scaling; sometimes you just plain hit limits on vertical scale. I haven't tried it yet, but dnsdist[2] should let you do this. (Or keepalived and/or HAproxy, or... etc. Any loadbalancer that can handle raw TCP and UDP.) Dnsdist in particular seems explicitly targeted towards a large set of untrusted clients with additional optional "safeguarding/consumer protection" features. Quad9 uses it in some fashion, if I recall correctly.

[0] https://doc.powerdns.com/recursor/performance.html
[1] https://docs.powerdns.com/recursor/lua-config/ztc.html
[2] https://www.dnsdist.org/index.html

_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/IAOL37EZ47XTB7KJLFLM3VIZERWXHJXB/
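
The horizontal-scaling suggestion in the reply above, sketched as a dnsdist configuration that fronts two recursors for a closed set of ISP customers. This is an added example, not part of the original message or the dnsdist project's own material; every address is a documentation-range placeholder, and the cache size, TTL cap and per-client query limit are assumed values to be tuned against real traffic.

```lua
-- dnsdist.conf (added example; addresses and limits are assumed placeholders)

-- Address customers send queries to. dnsdist listens on UDP and TCP.
setLocal("203.0.113.53:53")

-- Answer only the ISP's own customer ranges, so the service is not an
-- open resolver usable for reflection/amplification against third parties.
setACL({"198.51.100.0/24", "2001:db8::/32"})

-- The recursor pool (PowerDNS Recursor, Unbound, or a mix) behind dnsdist.
-- dnsdist health-checks each backend and stops using one that goes down.
newServer({address="192.0.2.11:53", name="rec1"})
newServer({address="192.0.2.12:53", name="rec2"})

-- Send each query to the backend with the fewest outstanding queries.
setServerPolicy(leastOutstanding)

-- Front-end packet cache shared by all backends. maxTTL caps how long an
-- answer is served from this cache regardless of the record's own TTL.
pc = newPacketCache(200000, {maxTTL=3600, minTTL=0, temporaryFailureTTL=30})
getPool(""):setCache(pc)

-- Per-client rate limit: a single IPv4 address (/32) or IPv6 /56 that
-- exceeds 100 queries per second over UDP gets a truncated reply, which
-- makes a real resolver client retry over TCP while spoofed-source
-- floods gain nothing from the small TC response.
addAction(AndRule({TCPRule(false), MaxQPSIPRule(100, 32, 56)}), TCAction())

-- Local-only control socket for the dnsdist console (statistics, top
-- clients). A console key should be set before exposing it any further.
controlSocket("127.0.0.1:5199")
```

The configuration can be syntax-checked with `dnsdist --check-config -C dnsdist.conf` before it is put into service.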
