
Subject: Recommended DNS server for a medium 20-30k users isp
Date: Fri, Aug 08, 2025 at 12:44:40AM +0000

Quoting DurgaPrasad - DatasoftComnet via NANOG (nanog@lists.nanog.org):
> Hello all, Do you have any recommendations for recursive DNS servers
> for a medium sized (20-30k users) ISP? We have used powerdns and
> unbound but sometimes find the caching times a bit on the upper side.
> Any suggestions between these two or anything new? Also need points on
> how much we tune the settings, pros and cons if any.
anycast unbound, preferably on something more mature than Linux, so like FreeBSD or OpenBSD. crucial part being _anycast_ so you don't have to pay protection money to the likes of haproxy or F5, but still can have good service availability.

troublish thing with resolver service is that the clients have a tendency to wait painfully long before they try No. 2 in the resolver list, so fast answers from the first one are kind of important.

my one advice on anycast is to make _certain_ that the routing reflects service availability on individual nodes -- i.e. a node that can't answer queries MUST stop advertising the resolver /128 (or /32 if you have that).

I have built this several times at various organisations. it is solid. as in "it just works".

also, since I made certain my resolvers speak ipv6, resolution is much snappier. auth DNS service has a very good v6 roll out status, overall.

on tuning, you have a metric ton of options in unbound -- considerably more so than in BIND. otoh, since I learnt of unbound I have avoided BIND for recursive service, so there mightabeen some evolution there.

with that, the people at cz.nic (knot resolver) are quite competent, so I would follow the advice given and look at their offering too. of course you can run anycast with knot resolver too.

-- 
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE SA0XLR +46 705 989668

Hmmm ... a PINHEAD, during an EARTHQUAKE, encounters an ALL-MIDGET FIDDLE ORCHESTRA ... ha ... ha ...
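
An added example, not part of the message above or anyone's production code: a per-node health check that ties the anycast advertisement to whether the resolver actually answers. Assumptions: the service address 2001:db8::53 (constructed, documentation prefix) is bound on the node, and a local BGP speaker reads ExaBGP-style "announce route"/"withdraw route" text commands from this script's stdout.

```python
import os, socket, struct, time

def build_query(qname, qid, qtype=1):
    """Minimal DNS query: RD set, one question, class IN."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def answer_ok(resp, qid):
    """True only for a real answer: matching ID, QR set, RCODE 0, ANCOUNT > 0."""
    if len(resp) < 12:
        return False
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return rid == qid and bool(flags & 0x8000) and (flags & 0x000F) == 0 and an > 0

def probe(addr, qname, timeout=1.0):
    """Send one query to the service address; any error or timeout counts as unhealthy."""
    qid = int.from_bytes(os.urandom(2), "big")
    fam = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(fam, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((addr, 53))
            s.send(build_query(qname, qid))
            return answer_ok(s.recv(4096), qid)
    except OSError:
        return False

class Advertiser:
    """Starts withdrawn; withdraws after `fall` failures, announces after `rise` successes."""
    def __init__(self, prefix, rise=3, fall=2):
        self.prefix, self.rise, self.fall = prefix, rise, fall
        self.up, self.streak = False, 0

    def update(self, healthy):
        """Feed one probe result; return a routing command on a state change, else None."""
        if healthy == self.up:
            self.streak = 0
            return None
        self.streak += 1
        if self.streak < (self.rise if healthy else self.fall):
            return None
        self.up, self.streak = healthy, 0
        return f"{'announce' if healthy else 'withdraw'} route {self.prefix} next-hop self"

if __name__ == "__main__":  # commands go to stdout for the BGP speaker (assumed) to read
    adv = Advertiser("2001:db8::53/128")  # constructed prefix
    while True:
        cmd = adv.update(probe("2001:db8::53", "example.com"))
        if cmd:
            print(cmd, flush=True)
        time.sleep(1)
```

A name that is always in cache can hide a broken upstream path, so rotate the probed name or use one with a short TTL.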