nanog mailing list archives

Re: Recommended DNS server for a medium 20-30k users isp

From: Nick Hilliard via NANOG <nanog () lists nanog org>
Date: Fri, 8 Aug 2025 12:05:01 +0100

Saku Ytti via NANOG wrote on 08/08/2025 10:23:

Eventually you will manage to cause an issue, where all advertisements
are falsely pulled.


Someone up-thread mentioned firewalling DNS servers.

Withdrawing DNS service workers due to firewall state overloading cancause cascading service failure which can take out an entire DNSinfrastructure within milliseconds. Don't ask me how I know this.


Also obviously works when n=1.

tl;dr: packet filters only for DNS, preferably in hardware. Don't everuse state tracking.


Nick
_______________________________________________

NANOG mailing listhttps://lists.nanog.org/archives/list/nanog () lists nanog org/message/UGOKLG42SE3GHENKGQMMO63RZ5GWOTM6/

Current thread:

Re: Recommended DNS server for a medium 20-30k users isp, (continued)
- - - Re: Recommended DNS server for a medium 20-30k users isp Crist Clark via NANOG (Aug 07)
    - Re: Recommended DNS server for a medium 20-30k users isp Mike Hammett via NANOG (Aug 08)
    - Re: Recommended DNS server for a medium 20-30k users isp brent saner via NANOG (Aug 07)
    - Re: Recommended DNS server for a medium 20-30k users isp Robert L Mathews via NANOG (Aug 08)
- Re: Recommended DNS server for a medium 20-30k users isp Marco Moock via NANOG (Aug 07)
- Re: Recommended DNS server for a medium 20-30k users isp William Herrin via NANOG (Aug 08)
  - Re: Recommended DNS server for a medium 20-30k users isp David Guo via NANOG (Aug 08)
- Re: Recommended DNS server for a medium 20-30k users isp Måns Nilsson via NANOG (Aug 08)
  - Re: Recommended DNS server for a medium 20-30k users isp Saku Ytti via NANOG (Aug 08)
    - Re: Recommended DNS server for a medium 20-30k users isp Måns Nilsson via NANOG (Aug 08)
    - Re: Recommended DNS server for a medium 20-30k users isp Nick Hilliard via NANOG (Aug 08)
    - Re: Recommended DNS server for a medium 20-30k users isp Mel Beckman via NANOG (Aug 08)
    - Re: Recommended DNS server for a medium 20-30k users isp Nick Hilliard via NANOG (Aug 08)
    - Re: Recommended DNS server for a medium 20-30k users isp Mel Beckman via NANOG (Aug 08)
    - Re: Recommended DNS server for a medium 20-30k users isp Łukasz Bromirski via NANOG (Aug 09)
    - Re: Recommended DNS server for a medium 20-30k users isp Måns Nilsson via NANOG (Aug 09)
    - Re: Recommended DNS server for a medium 20-30k users isp Mel Beckman via NANOG (Aug 09)
    - Re: Recommended DNS server for a medium 20-30k users isp Saku Ytti via NANOG (Aug 09)
    - Re: Recommended DNS server for a medium 20-30k users isp Mel Beckman via NANOG (Aug 09)
    - Re: Recommended DNS server for a medium 20-30k users isp Mark Andrews via NANOG (Aug 09)
    - Re: Recommended DNS server for a medium 20-30k users isp Tom Beecher via NANOG (Aug 10)

(Thread continues...)