Probably the idea is they offer large scale geographic diversity, and DDoS attack mitigation.
But it shakes your confidence when one person can type one wrong line into the config of one router and screw up the whole supposedly resilient network. -----Original Message----- From: AF <af-boun...@af.afmug.com> On Behalf Of Robert Sent: Sunday, July 19, 2020 1:10 PM To: af@af.afmug.com Subject: Re: [AFMUG] Federated Wireless SAS outage? Because someone "knows better".... Those who don't learn from history.... On 7/19/20 10:18 AM, Seth Mattinen wrote: > On 7/19/20 8:42 AM, Ken Hohhof wrote: >> The idea seems to be that you are outsourcing your redundancy to a >> big company like Cloudflare or Amazon that can do it better than you >> could, or at least has more resources. >> >> A quick read of some of the discussion lists indicates that you can’t >> run Cloudflare DNS and something else for redundancy. I don’t >> understand the technical issues, but apparently that’s not how it >> works. There’s also supposedly the issue that Cloudflare is doing >> attack mitigation, and if you disclose the IP addresses of your other >> DNS servers, they will get attacked and won’t be able to survive a >> terabit flood of traffic. >> > > > Which is completely opposite of the historical best practice of using > at least two unrelated DNS providers so all of your nameservers don't > share the same fate when a provider has an outage. > -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
