Our nameservers handle both the authoritative and recursive traffic, but we use ACLs to restrict recursive queries to just our users. If I understand your second sentence correctly, then yes, our DHCP server hands out the DNS servers, of which one of the three is outside our own network.

Frank

-----Original Message-----
From: Patrick W. Gilmore [mailto:patrick@ianai.net]
Sent: Tuesday, February 16, 2010 9:33 PM
To: NANOG list
Subject: Re: History of 4.2.2.2. What's the story?

On Feb 16, 2010, at 10:24 PM, Frank Bulk wrote:
We do. It's at our upstream provider, just in case we had an upstream connectivity issue or some internal meltdown that prevented those in the outside world from hitting our (authoritative) DNS servers. Of course, that's most helpful for DNS records that resolve to IPs *outside* our network.
What you describe - authorities used by people off your network to resolve A records with IP addresses outside your network - is not what Joe was describing. Was the recursive name server your end users queried to resolve names, the IP address in their desktop's control panel, outside your network? I can see a small ISP using its upstream's recursive name server. But to the rest of the world, most small ISPs look like a part of their upstream's network.

--
TTFN, patrick
=== <snip>
For what it's worth, I have never heard of an ISP, big or small, deciding to place resolvers used by their customers in someone else's network. Perhaps I just need to get out more.
Joe