Re: Interesting
> I explicitly drop GoogleDNS at my network boundary. Those devices inevitably fall back to my DNS to continue working.
Me too, though with a slight difference (which is why I bothered to comment).
Rather than just dropping them (as you've then got to wait for the client to decide it's timed out before trying the correct DNS), I re-route them via my DNS server which intercepts them and replies on Google's behalf.
That way you don't get the performance penalty of waiting for the client to decide the thing's not responding.
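One way to do the re-routing described in the comment above with nftables on a Linux gateway, as an added example that is not the commenter's own configuration. The interface name `lan0` and the resolver address `192.0.2.53` are placeholders.

```nftables
# Added example. lan0 and 192.0.2.53 are placeholders, not values from the thread.
define LAN_IF     = "lan0"
define LOCAL_DNS  = 192.0.2.53
define GOOGLE_DNS = { 8.8.8.8, 8.8.4.4 }

table ip dnsredirect {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # If the local resolver itself forwards to Google, let its own
        # queries through untouched, otherwise they loop back to it.
        iifname $LAN_IF ip saddr $LOCAL_DNS return

        # Drop-only approach from the quoted text, for comparison
        # (it would live in a filter chain); the client waits for a timeout:
        #   iifname $LAN_IF ip daddr $GOOGLE_DNS udp dport 53 drop

        # Redirect approach: rewrite the destination to the local resolver.
        # Conntrack reverses the rewrite on the reply, so the client sees
        # an answer that appears to come from the Google address it asked.
        iifname $LAN_IF ip daddr $GOOGLE_DNS udp dport 53 dnat to $LOCAL_DNS
        iifname $LAN_IF ip daddr $GOOGLE_DNS tcp dport 53 dnat to $LOCAL_DNS
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Needed when the resolver sits on the same subnet as the clients:
        # without it the resolver replies to the client directly, from its
        # own address, and the client discards the unexpected answer.
        # Side effect: the resolver logs the gateway as the source.
        oifname $LAN_IF ip daddr $LOCAL_DNS ct status dnat masquerade
    }
}
```

These rules only catch plain DNS on port 53 over IPv4; DNS over TLS (port 853), DNS over HTTPS (port 443) and Google's IPv6 resolver addresses are not redirected by them.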