On Friday, April 16, 2004, 5:10:50 PM, Raymond Dijkxhoorn wrote:
As one can have multiple NS entries for a zone, DNS has some degree of built in diversity limiting the impact of a box being dead or unavailable for a period of time. My server is not dependent upon Bill Stearns' being up, only that I can continue to rsync frequently for updates, and even if I can't rsync, I can still serve whatever I last grabbed.
As long as you have sufficient variation in your name servers registered with the root name servers, anyone wanting to DDOS SURBL would have to hit a large number of boxes.
That, combined with views in the rootservers for the surbl.org domain can be nice to have. Like Clamav mirrors currently work. Depending on the source IP you get a set op nameservers listed. Based mostly on geographic locations.
OK This sounds like I should be asking our secondaries to carry the surbl.org parent domain also, right? Then I would update the root name servers to list all of them.
Please comment,
Jeff C.