Sheesh! People claiming firewalling DNS is bad, but hide the receipts behind “pay my bar tab” evasion. Here’s the real bar talk: put up or shut up. LOL! Data or it never happened. -mel via cell
On Aug 9, 2025, at 5:42 AM, Måns Nilsson <mansaxel@besserwisser.org> wrote:
Subject: Re: Recommended DNS server for a medium 20-30k users isp Date: Fri, Aug 08, 2025 at 05:19:39PM +0100 Quoting Nick Hilliard via NANOG (nanog@lists.nanog.org):
Mel Beckman wrote on 08/08/2025 17:08:
Appropriately sized, HA firewall pairs mitigate this pretty handily.
Mel,
Please don't let me stop you from doing this. The failure modes are really quite entertaining, at least from a distance. Anyone got popcorn?
I suppose you bring the beer then, because it's going to take both to endure the cringefest that is "cascading resource exhaustion in DNS / firewall setup" -- it can pretty fast end up snowballing completely out of hand. Don't ask me how I know without picking up the bar tab.
/Måns -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE SA0XLR +46 705 989668 Am I accompanied by a PARENT or GUARDIAN? <signature.asc>