Re: How to setup a backup NameServer?

Sun, 04 May 2014 11:07:30 -0700

Forwarder selection has been based on RTTs for quite a while now. So, if what you're trying to protect against is your "primary" forwarders being DoS'ed, why not just define your "primary" and "backup" forwarders in the same forwarder list? Due to RTT calculations, the "backup" forwarders would normally not be used (much), if they're slower, but in the DoS scenario, the queries would automatically fail over.
If your "backup" forwarders are *not* significantly slower than your "primary" ones, then *all*the*more*reason* for them to be in the forwarder list, in order to provide ongoing DoS protection. (Unless they're more expensive to use, perhaps? In that case, you might want into some sort of rate-limiting-based and/or load-balancer-based solution). 

                            - Kevin

On 5/3/2014 9:15 PM, houguanghua wrote:

Dave,

sorry for the delay reply.

These zones are not owned by ISP, such as: yahoo.com, facebook.com...

If such backup dns server is ready, ISP will talk to these WEB sites 
to keep synchronization with their authority NSs.

It's maybe a huge project.

Thanks,
Guanghua hou


>
> Message: 1
> Date: Tue, 29 Apr 2014 22:08:22 -0700
> From: Dave Warren <da...@hireahit.com>
> To: bind-users@lists.isc.org
> Subject: Re: How to setup a backup NameServer?
> Message-ID: <53608546.4050...@hireahit.com>
> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
>
> On 2014-04-29 18:50, houguanghua wrote:
> > A lot of zones will be supported. All popular zones in the ISP.
> > Maybe the best solution is to hire some custom programming to develop
> > private system.
>
> How will you obtain copies of "all popular zones"? Are you just talking
> about zones you host, or things like Google?
>
> --
> Dave Warren
> http://www.hireahit.com/
> http://ca.linkedin.com/in/davejwarren
>
> -------------- next part --------------
> An HTML attachment was scrubbed...

> URL: 
<https://lists.isc.org/pipermail/bind-users/attachments/20140429/a463b663/attachment-0001.html>

>
> ------------------------------


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to