
8 Aug 2025, 6:25 a.m.
On Fri, Aug 8, 2025, 00:41 John Todd <jtodd@loligo.com> wrote:
> You beat me to it - dnsdist is an exceptionally robust solution for front-ending recursive (or authoritative) servers. Quad9 is indeed using it for all our recursive systems, and we split traffic on the "back-end" between PowerDNS recursor and Unbound. It (dnsdist) has a "packet cache" feature which handles much of the load once warmed, and it answers on DOT/DOH as well as providing for a very rich set of tooling that allows management of unwanted behaviors.
Thanks, John! I was considering evaling/deploying dnsdist for our own customers, and this has me convinced that's a solid direction; if it works well for y'all at Quad9, it'd definitely work for us. Cheers!