Open DNS Server, are they allowed?

Good afternoon,

was planning to use my linode to install a DNS server and make it public. A big DNS server, with a lot of cache and some nice extra features. Would this be allowed or for security reasons linode staff wouldn't want Open servers?

I know it could mean a lot of bandwidth but this is another subject :D

Thank you very much,

Ka.

10 Replies

I can't think of any reason you'd have trouble running a DNS server on a Linode. Go for it!

Was asking as some generic DNS caching-recursive servers normally available in the Ubuntu source list were not installable. So thought somebody had removed them on purpose… This is why I was asking.

Thanks for your reply.

Ka.

@KaSt:

> Good afternoon,
>
> was planning to use my linode to install a DNS server and make it public. A big DNS server, with a lot of cache and some nice extra features. Would this be allowed or for security reasons linode staff wouldn't want Open servers?

I believe you can do what you like as long as it's legal and isn't going to get anyone blocklisted for spamming. It's your responsibility to make sure it's secure.

If you are setting up alternate root nameservers it has been tried before and never got enough public support. Might be an interesting exercise though.

> I believe you can do what you like as long as it's legal and isn't going to get anyone blocklisted for spamming. It's your responsibility to make sure it's secure.

Pretty much, yes. The various datacenters sometimes block ports, but surely not DNS. And if you're wanting to do something blocked, you can request to be moved to a different DC.

Thanks for your replies, let me clarify one thing though.

My question comes because I would set up DNS servers with a, let's say, "big cache". But, as with any starting caching app, the cache will be empty and I would have to ask Linode DNS servers for all the info each time somebody asks my DNS servers.

I can't connect directly to DNS Root Servers as policies prohibit asking directly to them more than once in a "Blue Moon", policy is to ask "Direct Name Servers" which would ask their direct ones and this way up to the Root Name Servers if needed, but not directly. Meaning for me to ask Linode DNS.

So, when I launch my service, if 100 people (let's imagine) use it at once at the very beginning, I would be making a lot of requests to Linode DNS Servers and for this would like to have Linode staff opinion.

Thanks,

Ka.

How could this be worse than setting 'HostnameLookups On' for a busy Apache site?

We can see if one of them will chime in, but I'm with pclissold, I don't see it being a problem.

Thanks for your support.

Ka.

I don't think they'll have a problem with you running a DNS server. Many of us do, though usually not as a primary service.

I think, though, that you're misunderstanding how recursive DNS resolution typically works. It doesn't do lookups up a chain of "upstream" servers. Rather, the root servers are queried directly (with the TLD nameserver results cached so it doesn't need to go there every time). From that point, it only needs to query the individual TLD nameservers when an uncached lookup needs to occur.

Unless you're planning to do something bizarre, you'll only need to hit the linode nameservers if you're doing a lookup for a zone that is hosted there.

That's the beauty of DNS - it's distributed. What you set up in resolv.conf is just where you start looking.

I'd suggest a look at the O'Reilly book "DNS and BIND", although I would also suggest that you keep some headache tablets to hand ;-) It's available on Safari as well as in paper form.
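A toy model of the recursive resolution described in the replies above, added here as an illustration and not posted by any participant in the thread. The server names, zone data, `suffixes` helper and `Resolver` class are constructed for the example, and TTL expiry is ignored; it counts how many queries each upstream server receives when many clients hit an empty cache.

```python
from collections import Counter

# Constructed toy delegation data (not real DNS): each server holds either
# referrals (zone -> next server to ask) or final answers (name -> address).
SERVERS = {
    "root": {"refer": {"com": "tld-com", "org": "tld-org"}},
    "tld-com": {"refer": {"example.com": "ns.example.com"}},
    "tld-org": {"refer": {"example.org": "ns.example.org"}},
    "ns.example.com": {"answer": {"www.example.com": "192.0.2.10",
                                  "mail.example.com": "192.0.2.11"}},
    "ns.example.org": {"answer": {"www.example.org": "198.51.100.7"}},
}

def suffixes(qname):
    """'www.example.com' -> ['www.example.com', 'example.com', 'com']."""
    labels = qname.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

class Resolver:
    """Hypothetical caching resolver; cache entries never expire (no TTLs)."""
    def __init__(self):
        self.referrals = {}    # cached delegations: zone -> server
        self.answers = {}      # cached final answers: name -> address
        self.sent = Counter()  # upstream queries sent, per server

    def _ask(self, server, qname):
        self.sent[server] += 1
        data = SERVERS[server]
        if qname in data.get("answer", {}):
            return "answer", data["answer"][qname]
        for zone in suffixes(qname):  # most specific delegation first
            if zone in data.get("refer", {}):
                return "referral", (zone, data["refer"][zone])
        return "nxdomain", None

    def resolve(self, qname):
        if qname in self.answers:     # served from cache, nothing sent upstream
            return self.answers[qname]
        # Start at the closest cached delegation; only an empty cache hits the root.
        server = next((self.referrals[z] for z in suffixes(qname)
                       if z in self.referrals), "root")
        while True:
            kind, value = self._ask(server, qname)
            if kind == "answer":
                self.answers[qname] = value
                return value
            if kind == "nxdomain":
                return None
            zone, server = value      # follow the referral and remember it
            self.referrals[zone] = server
```

In this model, 100 clients asking for the same name on a cold cache cost one query to the root, one to the TLD server and one to the zone's own nameserver; a second name in the same zone goes straight to that zone's nameserver.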
