Open DNS Server, are they allowed?
I was planning to use my linode to install a DNS server and make it public. A big DNS server, with a lot of cache and some nice extra features. Would this be allowed or for security reasons linode staff wouldn't want Open servers?
I know it could mean a lot of bandwidth but this is another subject.
Thank you very much,
Ka.
10 Replies
Thanks for your reply.
Ka.
> @KaSt:
> Good afternoon,
> I was planning to use my linode to install a DNS server and make it public. A big DNS server, with a lot of cache and some nice extra features. Would this be allowed or for security reasons linode staff wouldn't want Open servers?
I believe you can do what you like as long as it's legal and isn't going to get anyone blocklisted for spamming. It's your responsibility to make sure it's secure.
If you are setting up alternate root nameservers it has been tried before and never got enough public support. Might be an interesting exercise though.
> I believe you can do what you like as long as it's legal and isn't going to get anyone blocklisted for spamming. It's your responsibility to make sure it's secure.
Pretty much, yes. The various datacenters sometimes block ports, but surely not DNS. And if you're wanting to do something blocked, you can request to be moved to a different DC.
My question comes because I would set up DNS servers with a, let's say, "big cache". But, as with any starting caching app, the cache will be empty and I would have to ask Linode DNS servers for all the info each time somebody asks my DNS servers.
I can't connect directly to DNS Root Servers as policies prohibit asking directly to them more than once in a "Blue Moon", policy is to ask "Direct Name Servers" which would ask their direct ones and this way up to the Root Name Servers if needed, but not directly. Meaning for me to ask Linode DNS.
So, when I launch my service, if 100 people (let's imagine) use it at once at the very beginning, I would be making a lot of requests to Linode DNS Servers and for this would like to have Linode staff opinion.
Thanks,
Ka.
Ka.
I think, though, that you're misunderstanding how recursive DNS resolution typically works. It doesn't do lookups up a chain of "upstream" servers. Rather, the root servers are queried directly (with the TLD nameserver results cached so it doesn't need to go there every time). From that point, it only needs to query the individual TLD nameservers when an uncached lookup needs to occur.
Unless you're planning to do something bizarre, you'll only need to hit the linode nameservers if you're doing a lookup for a zone that is hosted there.
I'd suggest a look at the O'Reilly book "DNS and BIND", although I would also suggest that you keep some headache tablets to hand.
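The caching behaviour described in the reply above, as an added example that is not part of the original thread: a toy recursive resolver walking a constructed delegation tree and counting the queries that actually leave it when 100 clients hit an empty cache. Server names, addresses and TTL values are made up for illustration, and no real DNS traffic is sent.

```python
from collections import Counter

# Constructed delegation tree (not real DNS data): server -> {zone: (kind, value)}
SERVERS = {
    "root": {"com.": ("referral", "tld-com"), "org.": ("referral", "tld-org")},
    "tld-com": {"example.com.": ("referral", "ns-example-com")},
    "tld-org": {"example.org.": ("referral", "ns-example-org")},
    "ns-example-com": {"www.example.com.": ("answer", "192.0.2.10"),
                       "mail.example.com.": ("answer", "192.0.2.25")},
    "ns-example-org": {"www.example.org.": ("answer", "198.51.100.7")},
}
TTL = {"referral": 172800, "answer": 300}  # seconds; constructed values


class CachingResolver:
    def __init__(self):
        self.cache = {}            # name or zone -> (kind, value, expires_at)
        self.upstream = Counter()  # queries sent to each upstream server

    def _ask(self, server, qname):
        self.upstream[server] += 1
        for zone, record in SERVERS[server].items():
            if qname == zone or qname.endswith("." + zone):
                return zone, record
        raise LookupError(f"{server} has no data for {qname}")

    def resolve(self, qname, now=0):
        hit = self.cache.get(qname)
        if hit and hit[0] == "answer" and hit[2] > now:
            return hit[1]          # served from cache, no upstream traffic
        # Start at the closest unexpired cached delegation, else at the root.
        server, labels = "root", qname.split(".")
        for i in range(1, len(labels) - 1):
            hit = self.cache.get(".".join(labels[i:]))
            if hit and hit[0] == "referral" and hit[2] > now:
                server = hit[1]
                break
        while True:                # follow referrals down to the answer
            zone, (kind, value) = self._ask(server, qname)
            self.cache[zone] = (kind, value, now + TTL[kind])
            if kind == "answer":
                return value
            server = value


def simulate_cold_start(clients=100):
    """Empty cache, `clients` lookups spread over three names at t=0."""
    names = ["www.example.com.", "mail.example.com.", "www.example.org."]
    r = CachingResolver()
    for i in range(clients):
        r.resolve(names[i % len(names)], now=0)
    return r
```

With this sample data the 100 client lookups produce seven upstream queries in total, two of them to the root, and a lookup after the answer TTL has expired goes straight to the zone's own nameserver because the delegations are still cached.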