Using Technitium DNS as Your Recursion Server

Technitium | December 16, 2025

What is Technitium DNS Server

It is a modern open source DNS server that is both authoritative and recursive. You can use it for your ISP as a recursion server and/or point domains to it and use it as your own authoritative DNS server. It provides caching and is SUPER SIMPLE to install. It installs on Windows as well as Linux environments, and works quite well. It can also block DNS entries based on lists, very similar to PiHole. However, configuring an ISP-grade DNS recursion system is super simple, because out of the box it goes to the root servers rather than forwarding to 1.1.1.1 or some other server as PiHole does.

It also supports all of the modern security features, such as DNS-over-TLS, DNS-over-HTTPS and DNS-over-QUIC. All of these are secure technologies, that allow for secure DNS lookups, if that is something you want. I really want my DNS server to be “quick” so I always install the DNS-over-QUIC as that’s the fastest implementation.

Authoritative vs Recursive

OK, what are these big words? Let’s start with recursive. Basically, this is a DNS server that gives any and all answers to clients. These are what you as an ISP should have in place for all of your customers. This server goes and gets the answers to DNS queries on behalf of clients. Normally it will cache, or store, those DNS entries for some period of time, during which it already has the DNS answer for clients because it is stored in memory. This is called a caching recursive DNS server. It gives out non-authoritative answers to DNS queries, because it is “non-authoritative”, or not responsible for the domain. It goes to the authoritative source to get the answer, but since it is NOT the authoritative source, it gives out non-authoritative answers, as it should. Most ISPs run recursive servers that they hand out to their clients to provide fast and reliable DNS services.

An authoritative server is a DNS server that hosts a domain name; since it is the server of authority for that domain, it is an authoritative server. Let’s look at a domain, using mikrotikrouter.com. The registrar, the place where you register the domain, holds the DNS servers for that domain name and says where to look for the DNS server that is responsible for it. There you get the authoritative servers for mikrotikrouter.com, which would be ns1.linktechs.net and ns2.linktechs.net. Your recursive DNS server then goes to the ns1 and ns2 servers and requests the domain mikrotikrouter.com, and they in turn give it the answer. This is an authoritative answer, as it comes from the server that is responsible. But since you are using a recursive server, that answer is stored according to the cache settings of the server and domain, then a non-authoritative answer is given to the client, and hence DNS has allowed us to go to that website.

What DNS Should you Run?

Well that really depends on a number of factors. In my opinion, with all of the DNS attacks on Cloudflare and AWS, I would prefer to self-host my authoritative DNS. There are many reasons to do and not to do this. If you lump yourself with all of the others, such as Cloudflare DNS service, then that is a massive attack vector for someone that wishes to do harm to the internet. Take down that service and how many websites go down? On the other hand, since they are such a large service, they do have mitigation methods to prevent this from occurring. So, that’s one thought, another is bandwidth, since we don’t have as much bandwidth, we could be attacked and thus have the same issue, I don’t think I have enough bandwidth / time / security experts to prevent this from harming me, but then again, if I host only a few domains, am I worth attacking? Touché huh?

As far as an ISP is concerned, all ISPs should have recursion servers: two of them, not one. They should be placed at the top of your network, or at a common location on your network that has low latency access. Faster access = faster DNS times. Recursion servers need some love; keep in mind that they need to be secured from the public internet, but that will be covered in the security section.

Why Should I Care?

DNS simply runs the internet. No DNS = no internet for 99.99% of the people out there. This means that if you do not provide DNS services to your customers as an ISP, you have a potential issue on your hands. I have lots of ISPs that run Google DNS or Cloudflare, and while this gets you by, the question is “Is Google or Cloudflare within your circle of influence?” I know, what does that mean? It means: if there is any issue or question about the service, is there a phone number, an email, something? Can you tell them, “I am not paying anything for your free service, but something is not right, fix it”? Well, of course you can tell them that, but will your statement carry any weight with them? Since both of those services are free, yes, they care if someone can’t get to them, but honestly, do you think you will have any luck getting something fixed in a timely manner? I can tell you, from my experience, that answer is no.

Google Issue Resolution Time

We had Google DNS have some kind of “routing issue”. They conversed with us via email, and even confirmed it. But it took about 5 days to get that, and then they said they would be doing maintenance on the affected device in three weeks, and then it should be corrected! What!! Three weeks! Yep, that’s what they said. Keep in mind it’s a free service, so do I expect an instant resolution? No, of course not, but this just drove myself and the customer to install our own DNS servers. Hence this article.

So now back to Technitium DNS Server

So, when I was looking at DNS servers, this one stood out. There are a number of ISPs using Simple DNS (a paid Windows application) that does everything this does, but this does it all at zero cost, and it can run on Windows as well as on Linux. It also has a configurable caching system that, out of the box, goes to the root servers by default rather than forwarding like PiHole does, so this is a one-two punch to Pi-Hole DNS. It is just as simple to install, one command, and is fairly lightweight.

In some of our customers’ cases, they were running Pi-Holes with Unbound as a DNS forwarder to be able to go to the root servers. We also had to play with the config files of the Pi-Hole as we needed more caching based on the numbers that the ISP had. While this worked quite well, the next question is whether we can do all of that inside one application without playing with settings. Furthermore, some of these customers use Simple DNS as their authoritative servers, so it is possible to drop two Windows VMs and just go with a pair of Linux VMs with Technitium DNS installed.

So, saving CPU by not having Windows VMs, saving disk space and running all open source sounds super nice. One web interface vs multiple interfaces is also nice, and the fact that Pi-Hole really came about due to DNS blocking and Technitium DNS can do that as well using the SAME lists, heck, it’s a win-win!

So how to install Technitium DNS Server

In our case, we spun up an Ubuntu 24 container, but you can spin up a VM; it is up to you and your environment. We put a public IP on that container, on our public VLAN, and got it ready. In this case we put a temporary public IP on it to be able to load it and make it work; later we will change it to our primary DNS IP (currently running Pi-Hole). Once you get Ubuntu up and running, you should do your updates:

sudo apt update
sudo apt upgrade -y

This should get you up to date as always. Then you can install the Technitium DNS server.

curl -sSL https://download.technitium.com/dns/install.sh | sudo bash
===============================
Technitium DNS Server Installer
===============================
Updating ASP.NET Core Runtime...
ASP.NET Core Runtime was updated successfully!

Downloading Technitium DNS Server...
Updating Technitium DNS Server...

ICU package is already installed.

Restarting systemd service...

Technitium DNS Server was installed successfully!
Open http://dns1:5380/ to access the web console.

Well, was that not simple? Yep. It’s installed and running.

Updating to DNS-over-QUIC

To update this server to support DNS-over-QUIC, you need a new package from Microsoft, installed as follows:

# $ID and $VERSION_ID in the URL come from /etc/os-release
. /etc/os-release
wget https://packages.microsoft.com/config/$ID/$VERSION_ID/packages-microsoft-prod.deb -O packages-microsoft-prod.deb -4

sudo dpkg -i packages-microsoft-prod.deb

rm packages-microsoft-prod.deb

sudo apt update

sudo apt install libmsquic -y

sudo apt upgrade -y

You must wget the package, install it with dpkg, then you can delete the .deb file, update apt to get the new library, and then install the libmsquic package. I would also make sure everything is updated by doing an upgrade -y.

Configuration of Technitium DNS

95% of the configuration is already done for you. It’s a high-performance DNS server, primarily a recursion server; however, you need to secure the recursion portion. Normally this is done by only allowing private IPs to do recursion, but in an ISP’s case you need your public blocks listed as well. Go to Settings > Recursion.

Here you get the option to change to use Specified Network Access Control List, or ACL; this is the list of networks that will be allowed recursion. Put any and all of your IP addresses, both IPv6 and IPv4, in this block and save it. This will allow all of your public IPs to do recursion.
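A way to confirm the ACL is doing its job, as an added example that is not part of the original article or of Technitium: send a recursive query to your own server from an address outside the allowed blocks and classify the reply by its header flags (the same AA flag that separates authoritative from non-authoritative answers). The function names are hypothetical, the sample replies are constructed, and a denied client is assumed to see either REFUSED or no reply at all.

```python
"""Added example: classify a reply to a recursive query sent from outside the ACL."""
import secrets
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # DNS header flag bits
NXDOMAIN, REFUSED = 3, 5                           # DNS response codes


def build_query(name, qid, qtype=1):
    """Build a DNS query for `name` (type A by default) with recursion desired."""
    header = struct.pack("!6H", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)   # class IN


def classify(reply, qid):
    """Decide what a reply says about recursion for the address that asked."""
    if len(reply) < 12:
        return "invalid"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if rid != qid or not flags & QR:
        return "invalid"              # not a response to our query
    rcode = flags & 0x000F
    if rcode == REFUSED:
        return "refused"              # the ACL (or policy) turned us away
    if flags & AA:
        return "authoritative"        # server hosts this zone; probe another name
    if flags & RA and (ancount > 0 or rcode == NXDOMAIN):
        return "open"                 # server recursed on our behalf
    return "not-recursive"            # e.g. referral or empty answer, RA clear


def probe(server, name, port=53, timeout=3.0):
    """Send one UDP query to your own server and classify it (needs network)."""
    qid = secrets.randbelow(0x10000)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (server, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no-response"      # dropped silently: also closed to us
    return classify(reply, qid)


def sample_reply(qid, flags, ancount, name="example.com"):
    """Constructed reply: header plus the echoed question, no real records."""
    return struct.pack("!6H", qid, flags, 1, ancount, 0, 0) + build_query(name, qid)[12:]


def demo():
    """Classify four constructed replies without touching the network."""
    qid = 0x1234
    return {
        "recursed for us": classify(sample_reply(qid, QR | RD | RA, 1), qid),
        "acl denied": classify(sample_reply(qid, QR | RD | RA | REFUSED, 0), qid),
        "hosted zone": classify(sample_reply(qid, QR | AA | RD, 1), qid),
        "no recursion": classify(sample_reply(qid, QR | RD, 0), qid),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Run `probe()` against your own server's address from a host outside the ACL; "refused" or "no-response" is the result you want there, and "open" from such a host means the ACL is not being applied.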

Next is caching entries; go to Settings > Cache.

The only thing here I would change is the Cache Maximum Entries. By default, it’s 10,000, but as an ISP with many clients using it, I would up this to between 50,000 and 200,000. What you want is the maximum value that you can get with the RAM that you have allocated. I allocated 8 GB as I have plenty to use, so I have RAM for days, as it were. The normal thought is that 150,000 entries would be between 2 KB and 5 KB per entry, or 300 to 750 MB of RAM for up to 150,000. Assuming heavy usage or DNSSEC + extra features, you can figure 10 KB per device, so that would be up to 1.5 GB. 8 GB is plenty of RAM, but if you are tight, I would keep it excessive. Also note the next section will affect RAM usage. In this case I would use 2-4 GB of RAM just to be safe.

Using Block Lists (if you want to)

As an ISP, you really should not block much, if anything. I have plenty of ISPs that do not block any DNS query; if a customer wishes to do that themselves, they can follow this article and go from there. Otherwise, what do I recommend blocking? Well, I normally stick with adware and malware. Go to Settings > Blocking; here you can add an Allow / Block list. By default, a list is a block list; if you want it to be an allow list instead, put ! in front of it, or don’t put it in. In this case, I would use only the Steven Black [adware + malware] list as provided by the service. This is a basic ad and malware block list, and I don’t know of anyone who has an issue with blocking these types of lists. Just add them here, and hit save.

Reviewing your setup

If you go to your dashboard, you will see how many total requests there were, what kinds of requests, and lots of other information as needed. Note that this server does NOT store your queries by default; if you want to do that, there is an app plugin that you can use, depending on what kind of server you have.

This is one of the major listings, basically giving you how many zones you are authoritative for, how many items you have in your cache, and the big one: how many domains are on the block list.

The big things to keep in mind when you are looking at this are how much is in your cache and how much is blocked.

Another issue is that by default there are queries-per-minute limits on IPv4 and IPv6; these are in the Settings General section. The normal values of 600 and 6000 are fine, but watch your list of top clients. If you have someone reaching that number, your dropped queries will go up and it will be listed here. There is a box to exempt an IP or range from those limits, but I would not do that under normal operations.

So what have we Done?

Well, we installed Technitium DNS server, configured it for maximum caching, and added a block list, if wanted, to your ISP DNS server. Now the only thing you have to do is either put it on a public IP and/or duplicate it again for your secondary server. Once you have both servers configured, you can put them into production via DHCP or whatever means you have. Remember, fast DNS = fast internet, and it is directly proportional to how close the DNS server is to the customers.

About Link Technologies, Inc.

Link Technologies Inc has been in business for just under 20 years. We provide MikroTik, 9Dot, and NetPoint antenna hardware and various other hardware and software solutions. We focus on MikroTik hardware with several engineering level consultants here to serve our customers and provide said services. “Find a need and fill a need” is our motto, designing software such as TowerCoverage.com to fulfill customer needs in relation to RF propagation software that integrates web-based tower mapping and end-user customer inquiries. We also operate https://cloud.linktechs.net providing a MikroTik based cloud management solution with backups and monitoring. We also provide a full enterprise-grade backup solution to many industries.

Our customers include ISPs, Fiber Operators, Hotels, Casinos, Healthcare, MSP businesses, and Credit Unions. Our solutions include zero-trust networking, firewalling, BGP, VPLS, MPLS, OSPF, RIP, MikroTik, Cisco, Juniper, web-proxy, backup services, hosting email and servers. We also sell rack-space in our dedicated DC in House Springs, MO, as well as provide on-site MikroTik and operational training services.

https://shop.linktechs.net – On-Line Shopping / Website
https://cloud.linktechs.net – MikroTik Cloud Services
https://towercoverage.com – On-Line RF Propagation Mapping

How to Contact Us

Phone: (314) 735-0270
E-Mail: sales@linktechs.net

Really the Simpsons? Yep MikroTik can do that as well!

So you think your MikroTik can’t do the Simpsons?
You’d be wrong… as long as it has a speaker/beeper built in.

If your MikroTik has a beeper, you’ll usually hear a short beep when it boots. With a tiny bit of scripting, you can make it play the Simpsons theme instead.

Want your router to sing every time it starts up?
Just drop this script in, hook it to the scheduler with start-time=startup, and on the next reboot it’ll rip.

Do you need this?
Absolutely not.
Do you want this?
Absolutely yes. 😁

:beep frequency=1047 length=563ms; :delay 573ms; :beep frequency=1319 length=375ms; :delay 385ms; :beep frequency=1480 length=375ms; :delay 385ms; :beep frequency=1760 length=188ms; :delay 198ms; :beep frequency=1568 length=563ms; :delay 573ms; :beep frequency=1319 length=375ms; :delay 385ms; :beep frequency=1047 length=375ms; :delay 385ms; :beep frequency=880 length=188ms; :delay 198ms; :beep frequency=740 length=188ms; :delay 198ms; :beep frequency=740 length=188ms; :delay 198ms; :beep frequency=740 length=188ms; :delay 198ms; :beep frequency=784 length=750ms; :delay 760ms; :delay 188ms; :delay 188ms; :beep frequency=740 length=188ms; :delay 198ms; :beep frequency=740 length=188ms; :delay 198ms; :beep frequency=740 length=188ms; :delay 198ms; :beep frequency=784 length=188ms; :delay 198ms; :beep frequency=932 length=563ms; :delay 573ms; :beep frequency=1047 length=188ms; :delay 198ms; :beep frequency=1047 length=188ms; :delay 198ms; :beep frequency=1047 length=188ms; :delay 198ms; :beep frequency=1047 length=375ms; :delay 385ms;

 

It Has to Be DNS: Why Every ISP Should Run Their Own DNS Infrastructure

“DNS is the lifeblood of the internet.”

If you’ve worked in networking long enough, you’ve heard the phrase:

“It has to be DNS.”

Right up there with “It’s always MTU.”
And more often than not, it really is DNS.

This article exists for one reason: As an Internet Service Provider, you should be running your own DNS infrastructure. DNS is not optional. It is a core dependency of your service, just like routing, switching, and transport. If you don’t control it, you don’t truly control your network.

Why Running Your Own DNS Matters

DNS directly impacts:

  • Page load speed

  • Application performance

  • Security

  • Customer perception of “internet speed”

  • Outage response time

  • Your ability to troubleshoot issues

If all your customers use 8.8.8.8 or 1.1.1.1, you have:

  • Zero visibility

  • Zero control

  • Zero influence during outages

  • Zero ability to prioritize your own customers

Ask yourself this:

If Google or Cloudflare DNS has an outage, what leverage do you have?

The answer is simple: None.

Hardware Options: From Budget to Enterprise

Your DNS hardware doesn’t need to be fancy. It just needs to be reliable.

Under 500 Users

  • Two Raspberry Pi systems running Pi-hole

  • Or two used small-form-factor PCs from eBay

  • Example: HP EliteDesk 800 (i5, 8GB RAM, 256GB SSD) for under $100

  • Intel NUCs work great too

  • Anything is better than nothing. Just make it redundant.

Enterprise Deployment

What we commonly deploy:

  • Dell R640 servers

  • Redundant power supplies

  • Redundant storage

  • RAID-protected OS and data

  • Built for real uptime

With six 800GB SAS drives, you’re looking at roughly $3,200 per server, but these platforms:

  • Last for years

  • Survive hardware failures

  • Allow zero-downtime maintenance

They are absolutely overpowered for just DNS, which is why we typically run Proxmox or Hyper-V and host additional services as well.

The Core Software Stack: Pi-hole + Unbound

What matters most is how you run DNS, not just the hardware.

Pi-hole

  • Acts as the front-end caching DNS server

  • Default cache: 10,000 entries

  • We tune ours to 250,000 cached entries

  • Network-wide telemetry, ad, malware, and phishing blocking

  • Full visibility into DNS behavior

Unbound

  • High-performance recursive DNS resolver

  • Talks directly to root servers

  • Eliminates reliance on Google, Cloudflare, or upstream forwarders

  • Provides secure, authoritative recursion

How We Use Them Together

  • Clients → Pi-hole

  • Pi-hole → Unbound

  • Unbound → Root DNS Servers

This gives you:

  • Full recursion

  • Full caching

  • Full visibility

  • Full control

  • No dependency on public DNS vendors

Security Without Becoming “The ISP That Blocks Everything”

As an ISP, you typically don’t want aggressive filtering. But malware and phishing domains should never be accessible.

We implement:

  • 1–2 strictly malware and command-and-control focused blocklists

  • About 500,000 malicious DNS entries

  • No ad blocking by default

  • No content filtering

This protects customers from:

  • Botnet command servers

  • Phishing landing pages

  • Malware distribution domains

Even if a device becomes compromised, blocking DNS-based command and control often prevents the malware from functioning at all.

Real Performance Gains

On production networks, we consistently see:

  • 90–91% cache hit rate

  • Only 9–10% of queries ever leave the server

  • DNS answers delivered locally at wire speed

On a 32-core 3.2GHz Xeon DNS VM, usage is typically:

  • Under 3% CPU

  • 8–12GB RAM is more than enough

DNS is lightweight. Performance is not the challenge. Architecture is.

Alternative: Windows-Based Recursive DNS

For Windows-based environments:

  • SimpleDNS

  • Can function as authoritative DNS and recursive DNS

  • Free for recursion

  • Licensing applies only to authoritative domains

It’s a solid option for Windows-heavy infrastructures.

Placement Matters: Keep DNS at the Network Edge

DNS should live:

  • Inside your network

  • Close to customers

  • On low-latency infrastructure

It should not live in AWS, Azure, or third-party cloud platforms unless you are specifically engineering global anycast DNS.

Lower latency equals faster lookups and faster perceived internet speed.

The Business Reality

Here’s the real question every ISP must answer:

If your customers’ DNS is broken, can you directly fix it?

If you rely on:

  • Google DNS

  • Cloudflare DNS

  • Other third-party resolvers

Then the answer is no.

And if you have:

  • No control

  • No monitoring

  • No logs

  • No escalation path

Then you are outsourcing one of the most critical components of your network, for free, to companies that owe you nothing.

That’s not engineering.
That’s gambling.

Final Thought

DNS is not an optional service.
It is not an add-on.
It is not a nice-to-have.

DNS is a core requirement of the internet.

If you are an Internet Service Provider:

  • You should control your recursive DNS

  • You should own your cache

  • You should protect your customers from malware

  • You should have visibility during outages

  • You should not bet your reputation on a free public service

Run your own DNS.
Your customers, your engineers, and your uptime will thank you.

TowerCoverage.com – Technical Architecture and RF Mapping Platform Overview

TowerCoverage.com – Technical Infrastructure & Platform Overview

TowerCoverage.com is one of the first fully web-based RF propagation mapping systems designed to support 2.4 GHz, 5 GHz, 6 GHz, 3.6 GHz, and many additional licensed and unlicensed frequency bands. Since our launch in 2011, we have spent more than 15 years engineering and refining our platform to deliver accurate, high-resolution coverage maps for service providers around the world.

Gone are the days of deploying access points and performing ad-hoc site surveys just to determine if a potential customer can receive service. TowerCoverage.com enables you to model, predict, and validate coverage with confidence, before a truck ever rolls.

With our Multi-Map system, you can merge numerous individual access points into comprehensive, service-area-wide maps for internal planning or publish them directly to your website using our embedded iframe tools. We also support fiber and coax mapping capabilities to provide a complete toolkit for modern ISPs.

Through our integrated lead-generation system, customer inquiries submitted through your public maps automatically generate the six best path profiles to your towers within minutes. You can review the data, forward leads into your billing/CRM system, plan new tower locations, locate existing FCC towers, and much more, all with accuracy down to one meter in many regions worldwide.

You can get started for free at www.towercoverage.com with a 14-day risk-free trial.

High-Performance Storage Architecture (Powered by MikroTik RDS Architecture)

To deliver global reliability and performance, TowerCoverage.com uses MikroTik’s Rose Data Storage RDS2216-2XG-4S+4XS-2XQ units in an active/active storage configuration for all user-generated content, including logos, coverage layers, and Multi-Maps.

Each RDS has 10 × 2 TB NVMe drives (via U.2 adapters) running RAID6, giving ~15 TB of usable high-speed storage, and another RAID5 array using 8 × 4 TB NVMe drives (via U.2 adapters), giving another ~22 TB of usable high-speed storage.

We blend these using both local disk storage and iSCSI. Each RDS system mirrors data via RAID-1 across iSCSI hosts, giving us high-performance, redundant storage across both chassis. Our active/active design ensures nearly simultaneous writes to both units via iSCSI, providing exceptional reliability and data integrity.

Network Fabric

Both RDS units are connected via 40 Gbps links to a pair of CRS326-24S+ switches.
Each RDS connects to both switches using Multi-Chassis LAG (MLAG), providing 80 Gbps of aggregated bandwidth per RDS to the switch stack, switch-level redundancy, and seamless failover.

Routing & Network Redundancy

We operate dual MikroTik CCR2116 routers forming a redundant routing core.

Features include:

Active/active BGP sessions
Active/active routing across multiple transit and peering connections

Dual-stack IPv4/IPv6
VRRP failover on public and private interfaces

A/B power systems, backed by generators
Dual HVAC systems that alternate to ensure reliability and health
Temperature, humidity, and air-quality monitoring
This provides 24/7 continuity even during maintenance or hardware failure.

Backup, Replication & Disaster Recovery

We maintain a multilayer backup and replication system:

Local Backup Tier

High-speed local backup storage
Multi-gigabit restoration performance
Rapid rollbacks and recovery

Cloud Backup Tier

Encrypted off-site cloud storage
Long-term retention of critical data

Redundant Data Center Replication

Full VM and server snapshots are replicated to a secondary data center
Replication intervals: every 5–15 minutes
Backup center runs its own independent:

Internet uplinks
BGP routing
Core switching
Provides complete failover capability

Monitoring & Telemetry

All systems are continuously monitored using:

MikroTik The Dude
Zabbix

We actively monitor:

BGP peers
OSPF sessions
Switch fabrics
Storage performance
Environmental systems
UPS/Battery performance
Replication Health
Latencies
Server health

This multi-layer monitoring ensures issues are detected long before they impact service.

Experience the difference a Team makes, Link Technologies, Inc.

With the expertise of Link Technologies, Inc.’s world-class engineering staff, we have built a fully redundant, enterprise-grade infrastructure designed to deliver unmatched reliability. Leveraging ISP-level networking protocols, redundant hardware, and geographically diverse data centers, our system is engineered for maximum uptime and seamless performance.

The consultants at Link Technologies, Inc. are recognized leaders in the industry and specialize in designing active/active, no-compromise redundancy solutions. Whether you’re a growing ISP or an established enterprise, our team can architect a resilient network that keeps your services online, even under the most demanding conditions.

Let Link Technologies, Inc. turn your network into a powerhouse of reliability, performance, and peace of mind.

Summary

Using a fully redundant MikroTik-powered infrastructure, TowerCoverage.com has become a global leader in RF propagation mapping. Our platform is built with active/active routing, storage, switching, and power systems, designed to maximize uptime, performance, and data integrity.

In short:
We leverage MikroTik to deliver world-class reliability, world-class mapping, and world-class service to ISPs everywhere.

Simplify FCC Broadband Data Collection (BDC) with TowerCoverage
by Dennis Burgess

Broadband Data Collection (BDC) has become a critical responsibility for Internet Service Providers (ISPs) to accurately represent their coverage data to the FCC. Ensuring accuracy, compliance, and timely submission can be a challenging and time-consuming task for many ISPs. Fortunately, TowerCoverage provides a streamlined and cost-effective solution, including their "File on Behalf Of" (FOBO) service, to simplify your BDC process.

How TowerCoverage Makes BDC Easy for ISPs

TowerCoverage offers specialized tools and services, including FOBO, that simplify the entire BDC reporting and submission process:

Accurate BDC Data Collection

TowerCoverage enables ISPs to effortlessly generate accurate, comprehensive BDC coverage data:

  • Quickly generate precise Broadband Data Collection maps.

  • Effortlessly manage multi-map submissions, including fiber and wireless coverage.

Learn more: BDC Coverage Data Collection

Simplified FCC Uploads with FOBO

TowerCoverage’s FOBO (File on Behalf Of) service makes uploading to the FCC even easier:

  • Automatically format and prepare your coverage data for FCC submission.

  • TowerCoverage can upload and file your BDC data directly to the FCC portal on your behalf, saving time and ensuring accuracy.

Learn more: FOBO - Filing on Behalf Of

Certification and Professional Engineer (PE) Certification

Ensuring your data meets FCC compliance standards is essential. TowerCoverage offers straightforward certification services:

  • Standard certification: $250 per multi-map.

  • Optional certification with a Professional Engineer (PE): $500. -- Note the FCC DOES NOT REQUIRE THIS ANYMORE!

Learn more: BDC Certification and PE Certification

Affordable Pricing

TowerCoverage provides cost-effective BDC solutions tailored specifically for ISPs:

  • $250 per multi-map (can include fiber coverage).

  • Certification (standard): $250.

  • Certification (with PE): $500.

  • FOBO (File on Behalf Of) Services: $400

By offering these services at competitive rates, TowerCoverage ensures compliance without breaking your budget.

Why Choose TowerCoverage?

  • Cost-Effective: Competitive pricing makes compliance affordable.

  • Efficient: Reduce time spent preparing and submitting BDC data through FOBO.

  • Reliable: Accurate and FCC-compliant submissions to ensure peace of mind.

Simplify your Broadband Data Collection process today by leveraging the specialized FOBO tools and services provided by TowerCoverage.

For detailed instructions, visit: TowerCoverage Wiki

Bridging the Gap: VXLAN's Point-to-Multipoint Advantage for ISPs with MikroTik
by Dennis Burgess

Bridging the Gap: VXLAN's Point-to-Multipoint Advantage for ISPs

Internet Service Providers (ISPs) continuously strive to deliver faster, more reliable, and scalable networks to meet growing customer demands. One significant challenge is navigating the space between traditional Layer 2 bridging and advanced Layer 3 routing, commonly referred to as "Layer 2.5." VXLAN (Virtual Extensible LAN), standardized in RFC 7348, offers an innovative solution that bridges this critical gap, particularly due to its powerful point-to-multipoint nature.

Why VXLAN Matters to ISPs

Historically, ISPs have wrestled with extending Layer 2 segments across geographically dispersed sites without facing the scalability limitations of traditional Ethernet bridging. While Layer 3 solutions such as MPLS offer robust scalability, they often come with increased complexity and cost. VXLAN, however, strikes an optimal balance by encapsulating Layer 2 frames within Layer 3 packets, thus delivering the simplicity of Ethernet alongside the reachability and scalability of Layer 3 IP networks.

VXLAN inherently operates in a point-to-multipoint fashion, meaning a single VXLAN Tunnel Endpoint (VTEP) can communicate efficiently with multiple remote VTEPs without the cumbersome configuration typically required in fully meshed Layer 2 networks. This makes VXLAN exceptionally suitable for ISPs needing flexible, scalable network designs.
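The encapsulation and point-to-multipoint behaviour described above, as an added example that is not from the original article and is not MikroTik's code: the 8-byte RFC 7348 header, plus a toy VTEP that floods unknown or broadcast frames to every configured remote VTEP and sends known unicast to one. The `Vtep` class, the addresses and the frames are constructed for illustration, and dropping traffic from unlisted VTEPs or other VNIs is a choice made in this example.

```python
"""Added example: RFC 7348 VXLAN header and a toy point-to-multipoint VTEP."""
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned destination port for VXLAN
I_FLAG = 0x08           # "VNI valid" flag in the first header byte


def encapsulate(vni, frame):
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    # byte 0 flags, bytes 1-3 reserved, bytes 4-6 VNI, byte 7 reserved
    return struct.pack("!II", I_FLAG << 24, vni << 8) + frame


def decapsulate(payload):
    """Return (vni, inner_frame) from a UDP payload or raise ValueError."""
    if len(payload) < 8 + 14:
        raise ValueError("too short for VXLAN header plus Ethernet header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & I_FLAG:
        raise ValueError("I flag not set, VNI is not valid")
    return word1 >> 8, payload[8:]   # reserved bits are ignored on receipt


class Vtep:
    """One tunnel endpoint serving a single VNI toward several remote VTEPs."""

    def __init__(self, vni, remotes):
        self.vni = vni
        self.remotes = list(remotes)   # IPs of the remote VTEPs
        self.fdb = {}                  # inner MAC -> remote VTEP IP (learned)

    def send(self, frame):
        """Return [(remote_ip, udp_payload)] for a frame from the local segment."""
        dst = frame[0:6]
        packet = encapsulate(self.vni, frame)
        if not dst[0] & 1 and dst in self.fdb:       # known unicast
            return [(self.fdb[dst], packet)]
        return [(ip, packet) for ip in self.remotes]  # flood to every remote

    def receive(self, outer_src_ip, payload):
        """Decapsulate a packet, learn the inner source MAC, return the frame."""
        if outer_src_ip not in self.remotes:
            return None                # not one of our configured VTEPs
        vni, frame = decapsulate(payload)
        if vni != self.vni:
            return None                # belongs to a different segment
        src = frame[6:12]
        if not src[0] & 1:
            self.fdb[src] = outer_src_ip
        return frame


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def eth(dst, src, payload=b"constructed"):
    """Constructed Ethernet frame: dst MAC, src MAC, EtherType 0x0800, payload."""
    return mac(dst) + mac(src) + b"\x08\x00" + payload


def demo():
    """Walk one VTEP through flood, learn, unicast, and two rejected packets."""
    h1, h2 = "02:00:00:00:00:01", "02:00:00:00:00:02"   # constructed hosts
    a = Vtep(vni=100, remotes=["10.0.0.2", "10.0.0.3"])
    first = [ip for ip, _ in a.send(eth(h2, h1))]        # h2 unknown: flood
    a.receive("10.0.0.2", encapsulate(100, eth(h1, h2)))  # learn h2 behind .2
    second = [ip for ip, _ in a.send(eth(h2, h1))]       # now unicast
    bcast = [ip for ip, _ in a.send(eth("ff:ff:ff:ff:ff:ff", h1))]
    wrong_vni = a.receive("10.0.0.2", encapsulate(200, eth(h1, h2)))
    stranger = a.receive("10.0.0.9", encapsulate(100, eth(h1, h2)))
    return first, second, bcast, wrong_vni, stranger


if __name__ == "__main__":
    print(demo())
```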

VXLAN and MikroTik: A Winning Combination

MikroTik has embraced VXLAN technology, integrating robust VXLAN support directly into RouterOS since version 7.x. MikroTik routers provide ISPs with straightforward, cost-effective solutions to deploy VXLAN across their networks, combining high performance with affordability.

Several reasons make MikroTik's implementation appealing to ISPs:

  • Easy Configuration: RouterOS simplifies VXLAN deployment, making it accessible to network operators without extensive training or expensive equipment.

  • Cost Efficiency: MikroTik hardware delivers robust VXLAN capabilities without the hefty price tag associated with larger enterprise-grade hardware vendors.

  • Flexibility and Scalability: MikroTik’s VXLAN implementation supports extensive network expansion with minimal complexity, leveraging RouterOS’s intuitive management and scripting capabilities.

Closing the Gap between Layer 2.5 and Layer 3

By implementing VXLAN, ISPs can achieve:

  1. Scalable Layer 2 Segments: Efficiently extend broadcast domains over Layer 3 networks without facing traditional spanning-tree limitations.

  2. Simplified Network Management: Reduce complexity by minimizing manual configurations typically associated with maintaining large-scale Layer 2 networks.

  3. Improved Customer Offerings: Rapidly provision segmented services such as VLANs, improving customer isolation and service flexibility.

What's Next for VXLAN on MikroTik?

MikroTik continues to enhance its VXLAN support, understanding the growing needs of ISPs. Several exciting features are anticipated in upcoming RouterOS releases:

  • Enhanced EVPN Integration: Expect deeper integration of Ethernet VPN (EVPN), providing dynamic, robust control-plane capabilities alongside VXLAN.

  • Improved Hardware Acceleration: MikroTik plans to expand VXLAN hardware offloading capabilities to even more router models, significantly boosting throughput and reducing latency.

  • Advanced Multicast Handling: Enhanced support for multicast over VXLAN, critical for efficient, large-scale distribution of IPTV and similar multicast-dependent services.

Standardization and Reliability

VXLAN's strength lies in its standardized nature. Adhering to RFC 7348 ensures interoperability, vendor neutrality, and consistent performance. ISPs implementing MikroTik’s VXLAN solutions benefit directly from ongoing community input and globally recognized standards.
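The encapsulation described above comes down to an 8-byte header defined in RFC 7348, placed between the outer UDP datagram and the inner Ethernet frame. The following sketch is an added example, not MikroTik or RouterOS code; the function names, the sample frame and the VNI allow-list are assumptions made for illustration. It builds the header and shows the checks a receiving VTEP can apply, since the header itself carries no authentication.

```python
from __future__ import annotations
import struct

VXLAN_FLAG_I = 0x08        # "I" flag: the VNI field is valid (RFC 7348)
VXLAN_HEADER_LEN = 8       # carried as UDP payload, destination port 4789
ETHERNET_HEADER_LEN = 14

# Constructed inner Ethernet frame: broadcast destination, locally
# administered source MAC, EtherType 0x0800, then dummy payload bytes.
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff" "020000000001" "0800")
                + b"constructed payload")


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the VXLAN header to an inner Layer 2 frame."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI is a 24-bit value")
    # Byte 0: flags, bytes 1-3: reserved, bytes 4-6: VNI, byte 7: reserved.
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame


def vxlan_decap(udp_payload: bytes, allowed_vnis: set[int]) -> tuple[int, bytes]:
    """Validate the header and return (vni, inner_frame).

    allowed_vnis is a hypothetical per-VTEP allow-list of provisioned
    segments; anything else is rejected rather than bridged.
    """
    if len(udp_payload) < VXLAN_HEADER_LEN + ETHERNET_HEADER_LEN:
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HEADER_LEN])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag not set, VNI is not valid")
    vni = word1 >> 8       # reserved bits are ignored on receipt
    if vni not in allowed_vnis:
        raise ValueError(f"VNI {vni} is not provisioned on this VTEP")
    return vni, udp_payload[VXLAN_HEADER_LEN:]


if __name__ == "__main__":
    packet = vxlan_encap(5000, SAMPLE_FRAME)
    print(packet[:VXLAN_HEADER_LEN].hex(), vxlan_decap(packet, {5000})[0])
```

Over IPv4 the full encapsulation (outer Ethernet, IP, UDP and this header) adds 50 bytes to every frame, so the underlay MTU has to be sized accordingly.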

Conclusion

The evolution of VXLAN on MikroTik’s RouterOS represents a significant leap forward for ISPs seeking to blend the simplicity of Layer 2 with the scalability of Layer 3. As MikroTik expands its feature set and continues to embrace standardized protocols, ISPs have a valuable tool for modernizing their network infrastructure—delivering the agility, scalability, and reliability demanded in today's highly competitive market.

---------------

Link Technologies, Inc. offers hardware and consulting services to help you with virtually any MikroTik or RouterOS configuration. Contact sales@linktechs.net or call 314-735-0270 to find out more information.

DNS your way, is the only way!
by Dennis Burgess

On July 14, 2025, Cloudflare experienced a significant outage impacting its widely-used global DNS resolver, 1.1.1.1. This incident underscores a critical vulnerability faced by Internet Service Providers (ISPs) relying exclusively on global DNS resolvers.

Global DNS resolvers like Cloudflare's 1.1.1.1, Google’s 8.8.8.8, and Quad9's 9.9.9.9 have become popular choices due to their speed, security, and ease of configuration. However, the Cloudflare incident highlights the substantial risks involved in basing critical infrastructure entirely on external services beyond the direct influence of the ISP.

When ISPs depend solely on these global resolvers, they relinquish control over their DNS infrastructure to third parties. During the Cloudflare outage, ISPs using 1.1.1.1 had no power to expedite resolution or even receive timely communication about the ongoing issues. This lack of direct influence not only left ISPs in the dark but also prevented them from proactively communicating clear information to their customers.

Running a local DNS resolver provides ISPs with critical autonomy and influence. Local resolvers enable ISPs to:

  1. Quickly identify and mitigate issues internally, providing real-time solutions rather than awaiting third-party responses.

  2. Directly communicate with customers regarding outages, improving transparency and reducing confusion.

  3. Implement customized DNS policies tailored to their network performance, security, and customer needs.

  4. Reduce dependency on a single point of failure inherent in global DNS resolvers.

The July 14 Cloudflare incident is a powerful lesson: while global resolvers offer benefits, exclusive reliance exposes ISPs to unnecessary risk and reduced operational control. ISPs committed to robust service availability and customer satisfaction must seriously consider operating their own DNS infrastructure to maintain independence and reliability. This proactive approach not only improves service resilience but also enhances customer trust and satisfaction in the face of unforeseen global outages.

 

----

Link Technologies, Inc offers Servers and the know-how to implement DNS servers correctly, redundantly, quickly, and cost effectively.  Contact sales@linktechs.net for more information about the services and hardware we offer! 

----- 

 

https://blog.cloudflare.com/cloudflare-1-1-1-1-incident-on-july-14-2025/ 

Advantages and Disadvantages of Using VXLAN vs. VPLS in RouterOS 7
Conclusion: The choice between VXLAN and VPLS in RouterOS 7 depends on the specific needs of your network. VXLAN excels in scalability and flexibility for modern architectures, while VPLS remains a robust option for traditional Layer 2 service extension. MikroTik's enhancements in RouterOS 7 ensure that both technologies are well-supported, providing network administrators with the tools to build efficient and resilient networks.
What you need to know checklist...

https://help.bdc.fcc.gov/hc/en-us/arties/10419121200923-How-Entities-Can-Access-the-Location-Fabric
Support@TowerCoverage.com

Exploring the BGP Features of RouterOS 7 from MikroTik

 

MikroTik's RouterOS 7 has introduced a host of new features and improvements to its Border Gateway Protocol (BGP) implementation. As a key component for managing routing in complex networks, BGP in RouterOS 7 has become more robust, scalable, and flexible, making it an excellent choice for network engineers. This article delves into the key BGP features and enhancements in RouterOS 7, shedding light on how they can empower network administrators.


1. Multipath Routing

One of the standout features of BGP in RouterOS 7 is multipath routing. This allows the router to use multiple paths to the same destination, enabling load balancing and redundancy. By distributing traffic across several links, networks can achieve better utilization of bandwidth and improve fault tolerance.

  • Key Benefits:
    • Enhanced load balancing.
    • Improved reliability through redundancy.

2. BGP Communities and Large Communities

RouterOS 7 has expanded its support for BGP communities, including the addition of large communities. This enhancement allows more granular policy control and simplifies route management in large-scale networks.

  • BGP Communities:
    • Enable tagging of routes for policy-based routing decisions.
    • Useful for controlling how routes are advertised or accepted.
  • Large Communities:
    • Provide a 96-bit identifier for more flexible and scalable tagging.
    • Essential for large networks with complex policies.
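The 96-bit identifier mentioned above is three 32-bit fields (Global Administrator, Local Data 1, Local Data 2, per RFC 8092), where a classic community is only 16 bits of ASN plus 16 bits of value. The following sketch is an added example, not RouterOS code; the function names are assumptions and the ASNs come from the ranges reserved for documentation. It encodes both formats and decodes a LARGE_COMMUNITY attribute value, which shows why a 4-byte ASN cannot tag routes with a classic community.

```python
import struct


def encode_standard(text: str) -> bytes:
    """'ASN:value' -> 4-byte classic community (16 bits each)."""
    asn, value = (int(part) for part in text.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= value <= 0xFFFF):
        raise ValueError(f"{text!r} does not fit in a 16:16 community")
    return struct.pack("!HH", asn, value)


def encode_large(text: str) -> bytes:
    """'GlobalAdmin:Local1:Local2' -> 12-byte large community."""
    fields = [int(part) for part in text.split(":")]
    if len(fields) != 3 or any(not 0 <= f <= 0xFFFFFFFF for f in fields):
        raise ValueError(f"{text!r} is not three 32-bit integers")
    return struct.pack("!III", *fields)


def decode_large_attribute(value: bytes) -> list:
    """Split a LARGE_COMMUNITY attribute value into its communities.

    The value must be a non-empty multiple of 12 octets; anything else
    is malformed and is rejected instead of being partially parsed.
    """
    if not value or len(value) % 12:
        raise ValueError("attribute length is not a non-zero multiple of 12")
    return [":".join(str(f) for f in struct.unpack_from("!III", value, off))
            for off in range(0, len(value), 12)]


if __name__ == "__main__":
    # Constructed values: 64500 is a 2-byte and 65550 a 4-byte documentation ASN.
    print(encode_standard("64500:100").hex())
    attr = encode_large("65550:1:100") + encode_large("65550:2:0")
    print(decode_large_attribute(attr))
    try:
        encode_standard("65550:100")
    except ValueError as err:
        print("classic community rejected:", err)
```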

3. Routing Filters 2.0

RouterOS 7 introduces a revamped routing filter system, enabling more efficient and precise control over route import and export processes. This new system is more powerful and user-friendly compared to its predecessor.

  • Features:
    • Advanced matching rules for attributes like AS_PATH, communities, and prefixes.
    • Improved syntax for defining filters, making configurations easier to manage.

4. Multiprotocol BGP (MP-BGP)

Multiprotocol BGP is now supported in RouterOS 7, allowing BGP to carry routing information for multiple network layer protocols, such as IPv4 and IPv6.

  • Use Cases:
    • Dual-stack networks that need both IPv4 and IPv6 routing.
    • VPN implementations and MPLS networks.

5. Route Reflector Improvements

The implementation of BGP route reflectors in RouterOS 7 has been enhanced, making it easier to manage large-scale BGP networks without the need for a full mesh topology.

  • Advantages:
    • Reduces the number of BGP sessions required in the network.
    • Simplifies configuration and maintenance of large networks.

6. BGP Confederations

Support for BGP confederations allows large networks to be divided into smaller, manageable sub-autonomous systems (sub-AS), reducing the complexity of configurations and improving scalability.

  • Benefits:
    • Simplifies policy management within large networks.
    • Reduces overhead in maintaining interconnections between sub-AS components.

7. Graceful Restart and BGP Session Resiliency

RouterOS 7 incorporates support for Graceful Restart, ensuring that BGP sessions can recover from interruptions without significant disruption to routing.

  • Features:
    • Minimized impact during router restarts or software upgrades.
    • Improved session stability in dynamic network environments.

8. Enhanced Performance and Scalability

RouterOS 7's BGP implementation is designed to handle larger routing tables and more complex topologies, making it suitable for modern networks with extensive routing requirements.

  • Key Improvements:
    • Faster convergence times.
    • Better performance in high-density network environments.

9. EVPN (Ethernet VPN) Support

RouterOS 7 has started to integrate support for EVPN, enabling more advanced Layer 2 and Layer 3 VPN services over BGP.

  • Applications:
    • Data center interconnects.
    • Multi-site enterprise networks with seamless Layer 2 extensions.

10. BGP Monitoring and Debugging Tools

Enhanced monitoring and debugging tools in RouterOS 7 make it easier to diagnose and troubleshoot BGP-related issues. Administrators have access to more detailed logs and metrics for proactive management.

  • Tools:
    • Real-time session monitoring.
    • Detailed route and attribute inspection.

Conclusion

The advancements in BGP within MikroTik’s RouterOS 7 signify a major step forward in routing capabilities. From improved scalability and flexibility to better performance and new features like MP-BGP and EVPN, RouterOS 7 equips network administrators with the tools they need to build and manage sophisticated networks.

Whether you’re managing a small ISP or a large enterprise network, these enhancements make RouterOS 7 an excellent platform for deploying and optimizing BGP. With its focus on scalability, redundancy, and ease of use, RouterOS 7 solidifies its place as a robust solution for modern networking challenges.