On 2/25/2013 11:31 AM, Joe Provo wrote:
> On Mon, Feb 25, 2013 at 07:26:07PM +0200, Graham Beneke wrote:
>> I discovered the other day that a large customer of $dayjob has decided
>> that it is a good idea to outsource the LAN support for their head
>> office and NOC to a mom-and-pop IT shop. While I question the wisdom in
>> that, I was far more concerned by the fact that this mom-and-pop shop
>> had configured Google Public DNS as the resolver for everything on their
>> LAN.
>>
>> Now on my corner of the planet Google DNS is 190ms away. Never mind the
>> mess we have with all the CDNs mapping their traffic to a different
>> continent.
>>
>> So what are your thoughts on capturing these queries and answering them
>> on local resolvers that are <10ms away?
>>
>> The folks at Google are certainly not going to encourage us to spoof
>> responses from their servers but are there any other potential pitfalls
>> with doing this to save the customers from themselves?
>
> I don't think *anyone* would encourage, recommend or endorse hijacking
> someone else's resolver addresses. What ever happened to providing the
> service and educating the customer[s]?

I would check to see what happens to domains that don't exist. Esp.
asking for the MX records for a domain that doesn't exist.

I had heard stories that some public resolvers will resolve when they
should not. For surfing, minor issue. For a mail server, major issue.

Lyle Giese
LCR Computer Services, Inc.
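
Added example, not part of the original message or of any poster's tooling: one way to run the check suggested above, by sending an MX query for a name that cannot exist and classifying the resolver's reply. The function names, the result labels and the use of a random label under the reserved `.invalid` TLD are assumptions made for this illustration.

```python
import secrets, socket, struct, sys

TYPE_MX, RCODE_NXDOMAIN = 15, 3

def build_query(name, qtype=TYPE_MX, txid=None):
    """Encode a single-question recursive DNS query (class IN)."""
    txid = secrets.randbits(16) if txid is None else txid
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)

def classify(query, response):
    """Judge a resolver's reply to a query for a name known not to exist."""
    if len(response) < 12:
        return "malformed"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "mismatch"          # wrong transaction ID or not a response
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "nxdomain"          # correct behaviour
    if rcode == 0 and ancount > 0:
        return "synthesized"       # answer records for a nonexistent name
    return "nodata" if rcode == 0 else "error"

def probe(resolver, name, timeout=3.0):
    """Send the MX query to resolver:53 over UDP and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver, 53))
        response, _ = sock.recvfrom(4096)
    return classify(query, response)

if __name__ == "__main__":
    # Random label under the reserved .invalid TLD (RFC 6761): cannot exist.
    name = secrets.token_hex(8) + ".invalid"
    print(name, probe(sys.argv[1], name))
```

Run it with the resolver's IP address as the only argument; any result other than `nxdomain` is worth investigating before a mail server is pointed at that resolver.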