On 5/18/2017 5:46 PM, David Jones wrote:
it should be pretty clear now to not use a forwarding DNS server locally and
do not point the server to another DNS server in /etc/resolv.conf.
Thanks David!
Some may be interested to know at least 15% of my entire labor
"overhead" for running invaluement - involves playing "whack a mole" (so
to speak) with both testers and existing subscribers - whose DNS
settings CONSTANTLY revert back to sending direct queries to invaluement
via Google and/or OpenDNS - which are then blocked - even as the
instructions were extremely clear about how/why not to do it that way.
In many cases, they explain to me that their settings got
auto-overwritten by their hoster - who just HAD to switch their
resolv.conf file back to 8.8.8.8
In some rare worst case scenarios - I have to "fire the customer", due
to many repeated incidents where the labor involved in constantly
babysitting their settings - was no longer worth their subscription payment.
And unfortunately there is just basically a very sizable portion of IT
professionals in the entire world... probably hundreds of thousands of
IT people - who have been convinced that pointing all DNS to 8.8.8.8 is
standard operating procedure that they think is always the best way.
For me, it feels like annoying busy work. Imagine that for at least one
hour out of your day - you have to stop what you're doing and dig a hole
in your back yard - and then fill it back in.
So I'm grateful every time I see thread like this that pushes back
against that, and encourages others to run industry standard
non-forwarding caching DNS servers.
THANKS!
--
Rob McEwen
http://www.invaluement.com
