In article <mailman.546.1477931391.74444.bind-us...@lists.isc.org>, Ben Croswell <ben.crosw...@gmail.com> wrote:
> I think what we see as a result of this attack is DNS provider diversity
> being the new buzz phrase. The same as not relying on a single ISP link I
> see more people using multiple DNS providers.
> The size of these attacks will grow as IoT continues to grow. It makes
> sense to have diverse providers to ensure your domains are serviceable if a
> provider gets attacked.

My boss asked me to look into this after the attack. The sticking point seems to be that most DNS providers don't allow zone transfers from their servers.

We currently get our auth DNS from SoftLayer, the hosting provider for our primary web, application, and database servers. I contacted them to find out if it's possible to enable zone transfers to a third-party slave service, and they said no; they suggested that we simply set up both services as masters, which would mean we'd have to update them independently (or write our own scripts that make use of each service's API).

The customers of Dyn are in the same situation. Maybe last week's incident will prompt enough big customers to demand this that they'll change their policies.

-- 
Barry Margolin
Arlington, MA
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
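
An added example, not part of the original post: when two providers both act as masters and are updated independently, a periodic drift check catches records that reached only one of them. It assumes each provider can export its records as `owner ttl IN type rdata` text lines; the zone data, provider names and function names below are constructed for illustration.

```python
# Constructed sample exports from two independently updated master providers.
PROVIDER_A = """\
example.com.      3600 IN SOA ns1.provider-a.example. hostmaster.example.com. 2016103101 7200 900 1209600 300
example.com.      3600 IN NS  ns1.provider-a.example.
www.example.com.  300  IN A   192.0.2.10
example.com.      3600 IN MX  10 mail.example.com.
mail.example.com. 3600 IN A   192.0.2.25
"""
PROVIDER_B = """\
example.com.      3600 IN SOA ns1.provider-b.example. hostmaster.example.com. 57 7200 900 1209600 300
example.com.      3600 IN NS  ns1.provider-b.example.
WWW.example.com.  300  IN A   192.0.2.10
example.com.      300  IN MX  10 mail.example.com.
"""

# Assumption: SOA and NS are managed by each provider and legitimately differ,
# so they are skipped. Delegation NS records would need separate handling.
PROVIDER_OWNED = {"SOA", "NS"}


def parse(text):
    """Return {(owner, type, rdata): ttl} from 'owner ttl IN type rdata' lines."""
    records = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        owner, ttl, _cls, rtype, rdata = line.split(None, 4)
        rtype = rtype.upper()
        if rtype in PROVIDER_OWNED:
            continue
        # Owner names are case-insensitive; rdata is compared as written
        # apart from whitespace, because TXT data is case-sensitive.
        key = (owner.lower().rstrip("."), rtype, " ".join(rdata.split()))
        records[key] = int(ttl)
    return records


def drift(a_text, b_text):
    """Report records present on one side only and TTLs that disagree."""
    a, b = parse(a_text), parse(b_text)
    shared = a.keys() & b.keys()
    return {
        "only_a": sorted(a.keys() - b.keys()),
        "only_b": sorted(b.keys() - a.keys()),
        "ttl_mismatch": sorted((k, a[k], b[k]) for k in shared if a[k] != b[k]),
    }


if __name__ == "__main__":
    for kind, items in drift(PROVIDER_A, PROVIDER_B).items():
        print(kind, items)
```
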