On Friday, April 16, 2004, 5:10:50 PM, Raymond Dijkxhoorn wrote:
>> As one can have multiple NS entries for a zone, DNS has some degree of
>> built in diversity limiting the impact of a box being dead or
>> unavailable for a period of time. My server is not dependent upon Bill
>> Stearns' being up, only that I can continue to rsync frequently for
>> updates, and even if I can't rsync, I can still serve whatever I last
>> grabbed.
>>
>> As long as you have sufficient variation in your name servers registered
>> with the root name servers, anyone wanting to DDOS SURBL would have to
>> hit a large number of boxes.
> That, combined with views in the rootservers for the surbl.org domain can
> be nice to have. Like Clamav mirrors currently work. Depending on the
> source IP you get a set op nameservers listed. Based mostly on geographic
> locations.
OK This sounds like I should be asking our secondaries to carry
the surbl.org parent domain also, right? Then I would update the
root name servers to list all of them.
Please comment,
Jeff C.
>> As one can have multiple NS entries for a zone, DNS has some degree of
>> built in diversity limiting the impact of a box being dead or
>> unavailable for a period of time. My server is not dependent upon Bill
>> Stearns' being up, only that I can continue to rsync frequently for
>> updates, and even if I can't rsync, I can still serve whatever I last
>> grabbed.
>>
>> As long as you have sufficient variation in your name servers registered
>> with the root name servers, anyone wanting to DDOS SURBL would have to
>> hit a large number of boxes.
> That, combined with views in the rootservers for the surbl.org domain can
> be nice to have. Like Clamav mirrors currently work. Depending on the
> source IP you get a set op nameservers listed. Based mostly on geographic
> locations.
OK This sounds like I should be asking our secondaries to carry
the surbl.org parent domain also, right? Then I would update the
root name servers to list all of them.
Please comment,
Jeff C.