On Tue, Nov 1, 2016, at 07:45, Ben Croswell wrote: > The other option being having a master owned by your company and then > setting both external providers to secondary from your master. You to > maintain control over data and hqve diversity.
I use this approach here, it's proven to be very robust. Not only is the internal master well hidden to all but the secondaries, but if it does get directly targeted by a DDoS it won't impact your slaves at all. Obviously if your company is the target there probably isn't much you can do unless you have a very substantial anti-DDoS budget, but in the case of a DNS neighbour being the target, diversifying your DNS across 2-3 larger providers will ensure that you stay up.
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
