Claudio Lapidus <clapi...@gmail.com> writes: > We are a mid-sized carrier (1.2M broadband subscribers) and we are > looking for an upgrade in our public DNS resolver infrastructure, so we > are interested in getting to know what are you guys using in your > networks. Mainly what kind/brand of software and which architecture did > you use to deploy it, and how did you do the sizing, all of it would be > most helpful information.
Unsurprisingly, we (AS1280, AS3557) run BIND 9. see <http://www.isc.org/>. We have at least two recursives in each AS1280 site, and one in each AS3557 location (f-root). Stubs (either /etc/resolv.conf or DHCP) each use all local plus some non-local, for a minimum of three total. Recursive DNS servers do not use forwarding or other cache-sharing techniques, each is fully independent. Most have DNSSEC validation enabled, and of those, all are subscribed to ISC DLV, see <http://dlv.isc.org/>. Most server hosts here run FreeBSD on AMD64/EM64T or else i386. -- Paul Vixie KI6YSY
