On 11/21/2011 12:35 PM, hvom .org wrote:
> Hi
> DNS Google NS 1 : 8.8.8.8 NS 2 : 8.8.4.4
> Good alternative or Bad alternative ?
> Best regards

It's a Good Thing to remember when setting up a system, as they are
easy-to-remember emergency DNS resolvers, though I wouldn't recommend
that for production. If you set up 500 machines with Google for DNS
resolution...what do you do if Google decides to get out of that
business? or finds it not profitable so doesn't maintain it well (other
than get a heck of a lot of phone calls, that is).

Better to simply run your own DNS resolver. OpenBSD makes that trivial
in the basic system.

For small offices where I set up an OpenBSD firewall, I always set up a
local DNS resolver, too, usually on the firewall. It Just Works. If
the firewall goes down, no point in worrying about (external) DNS
resolution, so no need for additional redundancy. My DNS local resolvers
never seem to go down and are never overloaded; I can't say the same
about most ISPs. If putting the DNS resolver on the firewall is not
appropriate, you need redundancy, though a pair of machines serving DNS
via CARP may be better than the standard "two separate IP addresses" for
many/most machines needing DNS services.

Really, the only place where OpenBSD enters this question is OpenBSD
does make it really easy and relatively safe to run a DNS Resolver, so
one (or several) less reason not to.

Nick.