Use Your Own DNS, NOW!

Published: June 6th, 2020
Author: Dennis Burgess

If you like this article, please visit and shop with Link Technologies, Inc. We offer consulting services as well as ISP Hardware!

I have been witness to all kinds of madness in my time consulting for ISPs and WISPs alike. I would like to take a bit of time to talk about one of those: DNS. Yes, DNS, the Domain Name System that makes the internet go around. Honestly, it is undervalued and overlooked by lots of ISPs out there. Many simply use their upstream's DNS servers, and that is fine if you have only one upstream, but when you get into multiple upstreams it becomes problematic.

Let me explain. First, to secure their recursive DNS servers, your upstream lists the specific IPs that can make requests of those servers. These IPs are typically your ISP's IPs that they have received from the regional registry. This is normally a good thing, i.e. their servers should not be used in a DNS DDoS attack, but it can cause issues. I have a number of consulting customers that wish to use multiple upstreams by NATing. While this can be done, one factor is that they are using their primary upstream's DNS servers. When they NAT out the secondary ISP (it does not matter why), their customers are coming from another set of public IPs that may not be the primary upstream's. Therefore, they are denied access to those DNS servers.

Now, let me get this out and be very clear: DNS IS EVERYTHING! If you don't believe me, turn off DNS and see how much of the internet you can access. Yes, you can ping IPs, but most services won't even respond to a web request on an IP anymore. So, DNS IS EVERYTHING! In the case cited above, you have routed specific customers through another ISP, let's call them ISP B, and you are giving the DNS servers for ISP A to that group of customers. Hence no DNS, and no DNS = NO INTERNET.

Now there is a way around this: you can use one of the globally accessible DNS servers, the most popular being Google's or Cloudflare's. Don't get me wrong, if you are giving your customers Google DNS etc., the chances of it going down or having some kind of problem are slim, and on top of that, they have great redundancy. Plus, you solve your NO DNS issue when swapping upstream ISPs. Now you can change to virtually any and all upstreams as you see fit, DNS will work, and people will go on about their day happily.

But the question I have to ask is: WHY do you risk your business and reputation on someone that you have no direct control over? Again, I will explain. If you are handing out Google DNS directly to your customers and, for whatever reason, it cannot be reached, what happens? Your customers are down, they are calling YOU asking YOU what YOUR issue is, etc. Now you go up the chain, pass the buck and call Google. But wait, here lies the issue: you don't have a relationship with Google, not for DNS services. It's a free service that you have been riding on. There is no guarantee of access, and there is nothing that you can force them to fix. In fact, try to get a hold of someone about Google DNS and you will see how difficult it can be. Furthermore, it may not be a Google DNS issue; it could be a routing issue that you have to take up with their peering team, a problem I actually worked on recently.

Simply put, there is little cost to deploying your own DNS servers. They will answer requests from YOUR customers, and they get their hints from the root servers, therefore the chances of them being down are low. Not to mention, you can of course build redundancy into them with dual hard drives and dual power supplies, or you can virtualize them as well. It's a low cost of ownership. And what if something fails? Well, then you have the power and control to update it, to go fix it, to change a power supply, etc. You are in control, not someone that doesn't even know you use their free service. So, DEPLOY YOUR OWN DNS!
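
A pre-change check for the scenario above, as an added example that is not from the original article: it models each resolver's source-IP allow list, flags customer groups whose assigned DNS server would refuse them after NAT, and flags an own resolver left open to any source. The resolver and group names, the 100.64.0.0/10 customer range and the documentation prefixes are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation/CGNAT ranges, hypothetical names).
RESOLVERS = {
    # ISP A's recursive servers: off-net, answer only ISP A's public space.
    "ispA-dns": {"on_net": False, "acl": ["198.51.100.0/24"]},
    # Your own recursive server: on-net, answers only your customer space.
    "own-dns": {"on_net": True, "acl": ["100.64.0.0/10"]},
}
GROUPS = {
    # nat_ip is the public address the group leaves from after NAT.
    "via-isp-a": {"customer_ip": "100.64.1.10", "nat_ip": "198.51.100.20",
                  "dns": ["ispA-dns"]},
    "via-isp-b": {"customer_ip": "100.64.2.10", "nat_ip": "203.0.113.20",
                  "dns": ["ispA-dns"]},
}

def allowed(acl, source_ip):
    """True if source_ip falls inside any prefix the resolver answers."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(p) for p in acl)

def audit(groups, resolvers):
    """Return (group, resolver, problem) tuples for a DNS/NAT plan."""
    findings = []
    for gname, g in groups.items():
        for rname in g["dns"]:
            r = resolvers[rname]
            # An on-net resolver sees the customer's own address; an
            # off-net one sees the post-NAT address of the chosen upstream.
            src = g["customer_ip"] if r["on_net"] else g["nat_ip"]
            if not allowed(r["acl"], src):
                findings.append((gname, rname, f"{src} not in resolver ACL"))
    for rname, r in resolvers.items():
        # A /0 entry on your own server makes it an open resolver.
        nets = [ipaddress.ip_network(p) for p in r["acl"]]
        if r["on_net"] and any(n.prefixlen == 0 for n in nets):
            findings.append((None, rname, "ACL allows any source (open resolver)"))
    return findings

def use_own_dns(groups):
    """Same plan, with every group pointed at the on-net resolver."""
    return {n: {**g, "dns": ["own-dns"]} for n, g in groups.items()}

if __name__ == "__main__":
    for finding in audit(GROUPS, RESOLVERS):
        print("before:", finding)
    print("after:", audit(use_own_dns(GROUPS), RESOLVERS))
```
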
