[aklug] Re: GCI DNS servers

From: Arthur Corliss <acorliss@nevaeh-linux.org>
Date: Tue Jan 29 2008 - 07:56:08 AKST

On Tue, 29 Jan 2008, Royce Williams wrote:

> I must respectfully disagree, as I think that I did the last time that
> a thread like this went this direction.
>
> The whole point of the design of the DNS infrastructure is to
> distribute load. Everyone running their own server doesn't scale.

You're right in general; however, we are talking about a small group of
techies, and the increase in load if all of AKLUG were to do it (much less all
LUG members worldwide) would be minor. And, quite frankly, I'd be remiss in
telling people not to when that's exactly what I've been doing for over a
decade.

Now, I'm not saying you should run local caching DNS on every box; I think
it's perfectly acceptable to run one DNS server at home, and assume you'll be
setting that DNS as the primary in your DHCP lease options (or statically)
for all your other hosts at home.

That said, if you do go down this road, please do so sensibly: whether or
not you're running DNS behind a NAT box you should still practice standard
security practices, which means you should only open DNS in your firewall to
your internal subnet, and within the application itself you should have
ACLs restricting queries to that same LAN.

If anyone needs any pointers on this, let me know. It's a lot easier than
you think. Setting up a caching DNS server securely with ISC Bind takes
only a few minutes.

At the end of the day, I encourage everyone to do this. As
techies/geeks/hackers that's what we do, right? We learn how core
technologies work and use them to improve the quality of our lives (well,
at least the network ;-).

> I encourage anyone with this symptom to document it -- perhaps by
> using Nagios or otherwise monitoring your provider's DNS
> responsiveness over a period of time -- and reporting it to your
> provider, whether it be GCI, ACS, AT&T, Clearwire, AP&T, TelAlaska, or
> Joe's ISP and Sandwich Shop. :)

I agree with this.

         --Arthur Corliss
           Live Free or Die
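
The application-level ACLs described in the message above, sketched as a BIND 9 named.conf for a LAN-only caching resolver. This is an added example, not part of the original message or the poster's own configuration; the subnet 192.168.1.0/24, the server address 192.168.1.1, the ACL name "homelan" and the directory path are assumptions.

```conf
// Constructed example: LAN range, server address and directory are assumptions.
acl "homelan" {
    127.0.0.1;
    192.168.1.0/24;     // assumed internal subnet
};

options {
    directory "/var/named";          // assumed path; varies by distribution

    // Bind only to loopback and the LAN-facing address, not every interface.
    listen-on { 127.0.0.1; 192.168.1.1; };   // 192.168.1.1 = assumed server IP
    listen-on-v6 { none; };

    // Caching resolver: recursion on, but only for the LAN.
    recursion yes;
    allow-query       { homelan; };
    allow-recursion   { homelan; };
    allow-query-cache { homelan; };  // BIND 9.4 and later

    // No zones are served to others, so refuse all zone transfers.
    allow-transfer { none; };
};

// Weak form to avoid: an open resolver that answers anyone who can reach it.
//   allow-query     { any; };
//   allow-recursion { any; };
```

Running `named-checkconf` against the file catches syntax errors before a restart. The firewall rule for port 53 (UDP and TCP) should admit the same subnet and nothing else, so the two layers agree.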
Received on Tue Jan 29 07:56:57 2008
