We do do it. No problems in ten years. We upgrade the firewalls to cheaper, faster, more reliable models every few years. In the meantime, DNS traffic has actual declined, probably due to DOH. I'm happy to hear your war stories 🙂 -mel ________________________________ From: Nick Hilliard <nick@foobar.org> Sent: Friday, August 8, 2025 9:19 AM To: Mel Beckman <mel@beckman.org> Cc: North American Network Operators Group <nanog@lists.nanog.org> Subject: Re: Recommended DNS server for a medium 20-30k users isp Mel Beckman wrote on 08/08/2025 17:08:
Appropriately sized, HA firewall pairs mitigate this pretty handily.
Mel, Please don't let me stop you from doing this. The failure modes are really quite entertaining, at least from a distance. Anyone got popcorn? Nick