On 29.04.14 10:24, houguanghua wrote:
> I'm designing how to protect DNS for an ISP. The zones are not owned by the
> ISP. The ISP wants to protect the DNS query during attacking.
> So it's not a standard DNS solution. During the attacking, the backup server
> will provide the DNS query and it works even if it can't refresh zones
> from primary NS. Backup server is configured with the private IP of this ISP.
> All local DNS servers of this ISP know where the backup server is.

ISP should just run a few recursive DNS servers for its clients.
They do not need to be accessible from the internet, only from its
customers' IPs.
Simply run a few DNS servers for your (and your clients) DNS zones, that do
not provide recursive DNS (only zones) and a few DNS servers that only
serve recursive DNS for ISP clients.
This is (or at least should be) standard DNS servers' configuration at any
ISP.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
LSD will make your ECS screen display 16.7 million colors
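
The split described in the reply above, sketched as two BIND `named.conf` files. This is an added example, not configuration from the thread or from any poster. The customer prefixes (documentation ranges), the `example.com` zone, and the file paths are constructed placeholders.

```conf
// ---- named.conf on a recursive-only resolver (serves ISP customers) ----
// Constructed values: 192.0.2.0/24 and 198.51.100.0/24 stand in for the
// ISP's customer address space.
acl "customers" {
    192.0.2.0/24;
    198.51.100.0/24;
    localhost;
};

options {
    directory "/var/named";                  // assumed path
    recursion yes;
    // Only customer addresses may recurse or read the cache, so the
    // resolver is not an open resolver for the rest of the internet.
    allow-recursion   { "customers"; };
    allow-query       { "customers"; };
    allow-query-cache { "customers"; };
};
// No zones are defined here: this server holds no authoritative data.

// ---- named.conf on an authoritative-only server (serves zones) ----
options {
    directory "/var/named";                  // assumed path
    recursion no;                            // never resolve on behalf of clients
    allow-query    { any; };                 // zone data is answered for everyone
    allow-transfer { none; };                // override per zone for real secondaries
};

zone "example.com" {                         // constructed placeholder zone
    type master;
    file "zones/example.com.db";
};
```

With this split, `named-checkconf` validates each file, and a query for an outside name sent to the authoritative server from a non-customer address should come back `REFUSED` rather than being resolved.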