Our nameservers handle both the authoritative and recursive traffic, but we use ACLs to restrict recursive queries to just our users.
If I understand your second sentence correctly, then yes, our DHCP server hands out the DNS servers, of which one of the three is outside our own network. Frank -----Original Message----- From: Patrick W. Gilmore [mailto:patr...@ianai.net] Sent: Tuesday, February 16, 2010 9:33 PM To: NANOG list Subject: Re: History of 4.2.2.2. What's the story? On Feb 16, 2010, at 10:24 PM, Frank Bulk wrote: > We do. It's at our upstream provider, just in case we had an upstream > connectivity issue or some internal meltdown that prevented those in the > outside world to hit our (authoritative) DNS servers. Of course, that's > most helpful for DNS records that resolve to IPs *outside* our network. What you describe - authorities used by people off your network to resolve A records with IP addresses outside your network - is not what Joe was describing. What the recursive name server your end users queried to resolve names, the IP address in their desktop's control panel, outside your network? I can see a small ISP using its upstream's recursive name server. But to the rest of the world, most small ISPs look like a part of their upstream's network. -- TTFN, patrick > === > <snip> > > For what it's worth, I have never heard of an ISP, big or small, > deciding to place resolvers used by their customers in someone else's > network. Perhaps I just need to get out more. > > Joe > > >
