On 2021-03-21 14:04, Alex JOST wrote:
Apologies if this has been asked before, but I was unable to find informative resources about this topic except this[1].

What are the downsides of having a recursive DNS server in front of an authoritative DNS Server? I'm wondering if all the points listed in the linked article are relevant for small scale installations.

Is anyone running such a setup and can share some advice with regards to rate limiting?

There is *zero* concern for running your own recursive DNS, so long as *you* and ONLY you have access to it. It has the added advantage that YOU get to determine who is authoritative for the root zone "." and others you are concerned about. As it is likely for you now, all your clients' queries are sent to your upstream (ISP?) for answers, for which you have no control. Using the knot recurser, and priming it against a known safe root authority gives you the advantage of better control. Another advantage is that you now have the ability to create filters that block places you don't want to go, and other such things. So, in short: if you only grant queries from yourself (think 127.0.0.1/localhost), there is little to no reason for concern creating a local recurser.
HTH
--Chris
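
The setup described in the reply above, sketched as a Knot Resolver 5.x Lua configuration (an added example, not part of the original thread or the project's shipped config). The root hints path and the blocked domain are placeholders chosen for illustration.

```lua
-- Added example: kresd.conf sketch for Knot Resolver 5.x (Lua syntax).
-- Assumptions: the hints file path and the blocked name are placeholders.

-- Answer queries on loopback only, so no other host can reach the
-- recursor. Leaving out any public or LAN address is what keeps it
-- from being an open resolver.
net.listen('127.0.0.1', 53, { kind = 'dns' })
net.listen('::1', 53, { kind = 'dns' })

-- Prime from a root hints file you have obtained and checked yourself,
-- instead of trusting whatever an upstream forwarder returns.
modules.load('hints > iterate')
hints.root_file('/etc/knot-resolver/root.hints')  -- placeholder path

-- Local filter: answer NXDOMAIN for a name and everything beneath it.
policy.add(policy.suffix(policy.DENY,
  policy.todnames({ 'blocked.example.' })))       -- constructed name
```

After a restart, querying the host's external address from another machine should get no answer on port 53, while `127.0.0.1` resolves normally.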