Jeff, my apologies. I read the quoting levels wrong.
On May 13, 2009, at 8:01 AM, Bradley Giesbrecht wrote:
On May 13, 2009, at 7:29 AM, Jeff Lightner wrote:
It is network redundancy only in so far the DOS attack doesn't cause
your CPU and memory to get slammed.
I would block the block the ip under attack upstream so no cpu or
memory issues.
I didn't claim anything other then there can be in fact value in
having one computer on more then one network.
This was in response to your comment "This would be completely
useless" which I disagree with.
//Brad
If you're doing redundancy you really ought to do the whole thing by
getting another server and putting IT on the other network. Then
you
don't have a single point of failure (unless they're both in the same
data center).
If you really want to do two different IPs on one host you could
probably use views to accomplish this but that would be all within a
single BIND setup so your theoretical DOS attack would probably cause
both views to have issues.
-----Original Message-----
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Bradley
Giesbrecht
Sent: Wednesday, May 13, 2009 10:22 AM
To: Stephane Bortzmeyer
Cc: bind-users@lists.isc.org
Subject: Re: two NS servers on a single host
On May 13, 2009, at 6:51 AM, Stephane Bortzmeyer wrote:
On Wed, May 13, 2009 at 09:02:55PM +0800,
Tech W. <tech...@yahoo.com.cn> wrote
a message of 34 lines which said:
I want to give two NS records for my domain, each NS take each of
the IP set in the host.
Why? This would be completely useless. RFC 1034 and other documents
call for at least two name servers, for redundancy reasons. If the
two
name servers are on the same host, what's the point? There would
be no
gain in reliability.
If you have ever had the ip for your name server the target of a dos
attack you could have blocked traffic to that ip and still had dns.
Two networks to same host is network redundancy and has value.
//Brad
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Please consider our environment before printing this e-mail or
attachments.
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or
confidential information and is for the sole use of the intended
recipient(s). If you are not the intended recipient, any
disclosure, copying, distribution, or use of the contents of this
information is prohibited and may be unlawful. If you have received
this electronic transmission in error, please reply immediately to
the sender that you have received the message in error, and delete
it. Thank you.
----------------------------------
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
