
On 8/8/25 02:44, DurgaPrasad - DatasoftComnet via NANOG wrote:
> Do you have any recommendations for recursive DNS servers for a medium sized (20-30k users) ISP? We have used PowerDNS and Unbound but sometimes find the caching times a bit on the upper side. Any suggestions between these two or anything new? Also need points on how much we tune the settings, pros and cons if any.
In my experience with ~700k DSL customers before 2010 and DC setups after that, the default PowerDNS Recursor settings do not really need tuning apart from limiting the number of entries in the cache [0], which directly corresponds to memory usage. The amount of memory required per entry depends on your platform and has changed over time, so you should monitor resource usage and adjust accordingly. I also usually limit max-negative-ttl to 10 minutes instead of the 1 hour default [1], which helps with recovery after some misconfiguration out there.

For monitoring these and other metrics I can recommend the use of Prometheus/Grafana via the provided metrics endpoint. [2] The average response latency in particular can also let you know when the quality of your recursive nameservers' network connection deteriorates.

Since there is also dnsdist [3] these days, I can wholeheartedly recommend putting your recursive DNS service behind it, or an HA setup of them, so you can seamlessly switch between nodes or even implementations. dnsdist also provides a /metrics endpoint. [4]

[0] https://doc.powerdns.com/recursor/settings.html#max-cache-entries
[1] https://doc.powerdns.com/recursor/settings.html#max-negative-ttl
[2] https://doc.powerdns.com/recursor/metrics.html#using-prometheus-export
[3] https://www.dnsdist.org/index.html
[4] https://www.dnsdist.org/statistics.html
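The dnsdist frontend the reply above recommends, written out as an added example; it is not part of the original post or of the dnsdist project's own documentation. It assumes a dnsdist 1.x Lua configuration, and the listen address, backend addresses, customer ranges and webserver credentials are placeholders chosen for illustration. On the recursor side the two settings named in the reply are plain key=value lines in recursor.conf (for example max-negative-ttl=600 for the 10 minute value), so the example only covers the dnsdist side: two recursive backends with health checks, failover between them, and the /metrics endpoint restricted to the monitoring host.

```lua
-- dnsdist.conf: added example, not from the original post or the dnsdist project.
-- All addresses, ranges and credentials below are assumptions for illustration.

-- Listen for client queries on the resolver service address.
addLocal("192.0.2.53:53")

-- Only answer the ISP's own customer ranges. dnsdist defaults to RFC 1918 and
-- loopback, so an open resolver is avoided only if this list is set explicitly.
setACL({"10.0.0.0/8", "100.64.0.0/10", "192.0.2.0/24"})

-- Two recursive backends. They can be two PowerDNS Recursor nodes, two Unbound
-- nodes, or one of each: clients never see which implementation answers, so
-- an implementation can be swapped by changing a backend, not the clients.
-- Each backend is health checked every second and marked down after 3 failures.
newServer({address="10.10.0.11:53", name="rec1", order=1,
           checkInterval=1, maxCheckFailures=3})
newServer({address="10.10.0.12:53", name="rec2", order=2,
           checkInterval=1, maxCheckFailures=3})

-- firstAvailable sends all traffic to the lowest-order healthy backend and
-- fails over only when it leaves the pool; use leastOutstanding instead if
-- both nodes should share the load.
setServerPolicy(firstAvailable)

-- Prometheus /metrics endpoint. Bind it to loopback (or the monitoring VLAN),
-- restrict it with an ACL, and keep credentials on the management API; the
-- statistics endpoints are opened without a password so the scraper needs none.
webserver("127.0.0.1:8083")
setWebserverConfig({password="changeme", apiKey="changeme-too",
                    acl="127.0.0.1, ::1",
                    statsRequireAuthentication=false})
```

Validate the file with `dnsdist --check-config -C dnsdist.conf` before starting the daemon, then point Prometheus at http://127.0.0.1:8083/metrics. The `acl` on the webserver is what keeps the statistics private once `statsRequireAuthentication` is off; if the metrics endpoint has to be reachable from a separate monitoring host, widen that ACL to exactly that host rather than re-enabling a shared password in every scrape job.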