[mdlug] OT: Comcast rant
Joseph C. Bender
jcbender at bendorius.com
Mon Feb 23 07:49:50 EST 2009
Aaron Kulkis wrote:
> gib at juno.com wrote:
>> Perhaps you could set up OpenDNS as a secondary. I think it is 208.67.222.222 and 208.67.220.220.
>>
>
> Good Idea (and I'm not talking about the Good Idea Fairy), even though
> (as I state below) I've yet to see a DNS outage with U-verse.
>
The advice I always dispense is that anyone who can, really should just
run their own caching recursive DNS server and not rely on their
upstream ISP's DNS servers. BIND on many distros will at least work for
the local box it's installed on "out of the box", so to speak.

Add the fact that you can also make the same server *authoritative* for
the LAN's resources (using the .local or .lan TLD if you don't happen to
have a domain you can subdomain locally) and now you've got an even more
useful tool.

I run a caching and local authoritative resolver on my firewall at home,
and have for many years, rendering me effectively immune to my ISP's DNS
server issues (but not CMTS maintenance, can't really solve against the
local loop going down).

Given that there have been cases in the last year or so (WideOpenWest is
one, I *think* Cox or Charter was one of the others) where the ISP's DNS
servers were deliberately monkeying with DNS lookups to inject their own
ads or content into pages, it only makes sense. This is contingent on
the ISP not blocking 53 TCP/UDP to anything but their own servers, however.

-JCB