DNS Best Practice

The separation of roles is a fundamental principle in DNS best practice architectures:

Recursive DNS Resolver

  • Dedicated recursive resolvers for your own users
  • Only reachable from valid users
  • Not reachable from the Internet
  • Preventing cache poisoning
  • Accelerating DNS for your users

Authoritative DNS server

  • Not allowing any recursive requests
  • Only answering requests to authoritative zones
  • Less security exposure, because it is not vulnerable to issues related to DNS caching
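
To check this separation on servers you operate, the following added example (not DnsMARA code) sends a recursive query for a name outside the server's zones, or from outside the valid user networks, and inspects the reply header. The function names, the sample replies and the use of example.com are assumptions made for illustration.

```python
import socket
import struct

# Header flag bits and the REFUSED rcode (RFC 1035, section 4.1.1)
QR, AA, RD, RA, REFUSED = 0x8000, 0x0400, 0x0100, 0x0080, 5

def build_query(qname, qid=0x1234):
    """A/IN query with RD=1, i.e. a request for recursion."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "ancount": an}

def audit(response, qid=0x1234):
    """Findings for a reply to a recursive query that the server should not
    serve: a foreign name sent to an authoritative server, or any name sent
    to a recursive resolver from outside its valid user networks."""
    h = parse_header(response)
    if not h["qr"] or h["id"] != qid:
        raise ValueError("not a response to our query")
    findings = []
    if h["ra"]:
        findings.append("RA=1: recursion is offered to this client")
    if h["rcode"] == 0 and h["ancount"] > 0 and not h["aa"]:
        findings.append("non-authoritative answer returned (recursed or cached data)")
    return findings

def probe(server, qname, timeout=3.0):
    """Send the query over UDP/53 to a server you operate; None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname), (server, 53))
        try:
            return s.recvfrom(4096)[0]
        except socket.timeout:
            return None

# Constructed sample replies (header only): id, flags word, then section counts.
GOOD_AUTH = struct.pack("!HHHHHH", 0x1234, QR | RD | REFUSED, 1, 0, 0, 0)
OPEN_RESOLVER = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0)

if __name__ == "__main__":
    for name, reply in (("GOOD_AUTH", GOOD_AUTH), ("OPEN_RESOLVER", OPEN_RESOLVER)):
        print(name, audit(reply))
```

An empty findings list, or no reply at all from `probe`, is the expected result for both roles in this test.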

With DnsMARA you can choose between different deployments:

All Services on same Server

  • Recursive and authoritative DNS service both on the same physical server
  • Separate processes, each sandboxed and using independent implementations
  • Offered on different IP addresses and VLANs or NICs
  • More cost effective

Dedicated Servers

  • Dedicated physical servers for each DNS service
  • Maximum performance, resilience, redundancy and security