Wired Intelligent Edge

Hi,

Are there any recommendations for configuring DNS servers in the core switch? Is it better to configure the ISP DNS or Google free DNS 8.8.8.8? What are the security best practices?

Thanks.

#Switch_Router_Interconnect
#Aruba

Hello,
It's purely based on your requirements. This is what Google says:
Google Public DNS is purely a DNS resolution and caching server; it does not perform any blocking or filtering of any kind, except that it may not resolve certain domains in extraordinary cases if we believe this is necessary to protect Google’s users from security threats. But we believe that blocking functionality is usually best performed by the client. If you are interested in enabling such functionality, you should consider installing a client-side application or browser add-on for this purpose.

Thanks!

My personal opinion - your security policy should regulate such things. Different companies have different requirements. Sometimes a security policy is so restrictive that does not allow any information disclosure to other companies except your ISP. Keep in mind that DNS can be used to track user's activity.

From a pure technical point of view it's always better to use DNS sever closer to you, but closest server doesn't always perform faster. There are tools that can test DNS servers performance and you can make a decision based on objective facts. Examples of such tools are https://github.com/mrwiora/NAMEinator and  https://www.grc.com/dns/benchmark.htm

Hope this helps!

 

Thanks.