Is there a reason to use internal DNS over 8.8.8.8?

As that server is clearly not being stressed, I'm inclined to think that there is no reason to change anything. The network you have described really doesn't need internal DNS and not having it may even slow (briefly?) down the hacking attempts by the students, as it will not be immediately obvious what machine does what.

As you have given no indication at all that the present system isn't working perfectly, there isn't an actual need to change anything.

In regard to

Google's 8.8.8.8 would seem to be a logical candidate

Why is that logical? Why not just use the ISP's DNS, or some other unfiltered source?

I would go even further and remove 4.2.2.2, as the likelihood of it ever being hit by the clients is slim to none. After all, both the 2003 machine and the ISP's DNS would have to be down for that to happen. If you really feel a need for a third DNS source, add the ISP's secondary instead.


When you outsource to another company, especially one that is doing it for free, you might consider what they are getting out of it. Google is in the information business, and they are getting another aspect of your (or your users') traffic pattern.

If I were at a university that used Google's name service, I would be raising privacy issues pretty darned fast.

Some things are best kept in house, and DNS resolution seems to be one of them. If you are unable or unwilling to run a stable server like BIND, then purchase an appliance to do local DNS resolution.

DNS for a small site can run on a very small machine, but I'd not enable DNSSEC. :)