Writings from Justin Wilson
Finally had some time to contribute to another podcast I am a part of.
This week we talk about:
WISP Virtual Summit July 28th
Save Dave’s brain
RIP Ubiquiti Unifi Video – EOL 1/1/2021
zwift.com
Cloudflare DNS outage
David – Arduino, PHP programming, cycling and weight loss, new kid,
Wilson’s RPKI
Mike got some new hardware; a stent!
I’m done with my sales training – I’m a real boy
If you are wanting learn all about DNS and learn lots of geeky DNS stuff you can listen http://www.ask-mrdns.com/
I recently uploaded a video to youtube talking about why ISPs should not be using external resolvers such as google’s 8.8.8.8 to do resolving for their customers. In this post, I am going to give you, The Patreon subscribers, more information on this topic.
Some clarification. Running 8.8.8.8 as your primary resolver is not an evil thing, it’s just not optimal. Whenever I am managing a network I want to squeeze every last bit of performance I can out of it. One way to do this is to run your own resolvers with root hints.
Let’s start with some links
Everything you ever wanted to know about root hints
https://kb.isc.org/docs/aa-01309
Setting up Unbound
http://troubleshooters.com/linux/unbound_nsd/unbound.htm
FAQ
Do I setup forwarders or root hints?
Do root hints. Bind will cache the lookups. This way you are not dependent on another entities DNS servers
My upstream ISP has DNS servers. Should I use them?
This is better than nothing, but I would ask them where those servers are located. It’s really not that hard to run your own.
I started a blog tonight on DNS design for the ISP. As a result of this writing, I found myself explaining a lot of what the following video does. So if you are not familiar with how DNS works please watch the following video and look for a new post soon on DNS design for the ISP.
So the folks over at Mozilla thought it would be cool to do DNS over HTTPS. This is a dumb idea. If you happen to be running Mozzilla Firefox you should disable this for your own sake.
https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
If you want the functionality of DNS over HTTPS (DoH) then use a VPN and make your life easier.
Unlock with Patreon