nanog mailing list archives

Re: Recommended DNS server for a medium 20-30k users isp

From: Mark Andrews via NANOG <nanog () lists nanog org>
Date: Mon, 11 Aug 2025 12:22:06 +1000

Use nameservers that support DNS COOKIE (RFC 7873) and enable it if it is not already
on by default.  If the nameserver vendor that you are currently using doesn’t support
DNS COOKIE find a better nameserver.  DNS COOKIE provides cheap protection against off
path DNS spoofing but it only provides protection if both server and client support it.

It’s been 9 years since RFC 7873 was published and in that time just about all of the
servers with broken EDNS implementations that failed to ignore unknown EDNS options,
as per RFC 6981, have been replaced with ones that are RFC compliant.  If you previously
disabled sending DNS COOKIE requests in the past it is time to re-enable it.

Mark

On 8 Aug 2025, at 10:44, DurgaPrasad - DatasoftComnet via NANOG <nanog () lists nanog org> wrote:

Hello all,
Do you have any recommendations for recursive DNS servers for a medium sized (20-30k users) ISP.
We have used powerdns and unbound but sometimes find the caching times a bit on upper side. Any suggestions between 
these two or anything new?
Also need points on how much we tune the settings
pros and cons if any.

Thank you /DP
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/SUTKDISSISPWQY3YGF25FBQNN2JD5HDP/


-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka () isc org

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/OQ3H56AJA6LRKV3KRIDI7OMFCMV55PGI/

Current thread:

Re: Recommended DNS server for a medium 20-30k users isp, (continued)
- - - Re: Recommended DNS server for a medium 20-30k users isp William Herrin via NANOG (Aug 09)
- Re: Recommended DNS server for a medium 20-30k users isp Bryan Fields via NANOG (Aug 08)
  - Re: Recommended DNS server for a medium 20-30k users isp Steinar Haug via NANOG (Aug 08)
- Re: Recommended DNS server for a medium 20-30k users isp Rich Kulawiec via NANOG (Aug 08)
  - Re: Recommended DNS server for a medium 20-30k users isp Mike Simpson via NANOG (Aug 08)
- Re: Recommended DNS server for a medium 20-30k users isp Tim Burke via NANOG (Aug 08)
- Re: Recommended DNS server for a medium 20-30k users isp Stefan Schmidt via NANOG (Aug 09)
- Re: Recommended DNS server for a medium 20-30k users isp Mike Hammett via NANOG (Aug 09)
- Re: Recommended DNS server for a medium 20-30k users isp Tom Beecher via NANOG (Aug 10)
- Re: Recommended DNS server for a medium 20-30k users isp Ryan Hamel via NANOG (Aug 10)
- Re: Recommended DNS server for a medium 20-30k users isp Mark Andrews via NANOG (Aug 10)