Signal feed
Post
Remote status
Context
5nuintari's rules of networking 0x05:
A proper recursive name server is local to your network. Never use any of the commercial providers that really want your DNS traffic. They really want your DNS traffic for a reason. That reason does not have your best interests at heart.
DNS is not hard.
@nuintari what are you using for upstream resolvers? root servers or secondary resolver?
@jae I go straight to the root for most of my installations. Barring that, I use the ISP's DNS unless they are one of the couple nasty ISPs that do questionable shit with their DNS resolvers.
@nuintari i assume most isps who provide resolvers are logging requests. root servers are a good option. i run external recursive resolvers across the globe. local recursive resolver tunnels traffic upstream to them. works pretty well
no amplification attacks in 2 years.
@jae I have worked for..... seven? ISPs now. We explicitly did not log queries at all of them.
Maybe the lesson here is, if you want to log DNS queries, don't hire me, because I won't let it happen. I'm not alone either.
@nuintari i'm with you. i worked for two in my career (circa 90s/00s). we had an explicit rule set to never log traffic of any user, ever. unless coerced by .gov. luckily never had to deal with it
Replies
1We can't find the internet
Attempting to reconnect
Something went wrong!
Attempting to reconnect
![๐๐๐[ร]โข](https://media.bsd.cafe/bsdmmedia01/accounts/avatars/115/004/535/892/913/622/original/2c6cd201d2d8fa13.jpg)
