Some warning. Please do not put a resolver directly onto the internet. As nice a... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		asimops on Jan 5, 2022 \| parent \| context \| favorite \| on: Why might you run your own DNS server? Some warning. Please do not put a resolver directly onto the internet. As nice as it might be to have a DNS ad-blocker or your own names reachable all over the internet, the server will be part of DDOS attacks through traffic amplification and you don't want that.

gitgrump on Jan 5, 2022 | [–]

If anyone wants to learn more, here's why open recursive resolvers are a bad idea: https://www.cloudflare.com/learning/dns/what-is-recursive-dn...

zinekeller on Jan 5, 2022 | [–]

> Please do not put a resolver directly onto the internet.

Consider using DoT or DoH instead, or at the very least disable UDP queries (there's a slight penalty though).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact