Jeff Chan wrote:
I'm wondering if doing the same with DNS traffic would be possible or advisable as a way to protect the name servers. On the other hand, if the proxies get DoSed off the Internet, I'm not sure how much they would be helping at that point...
As one can have multiple NS entries for a zone, DNS has some degree of built-in diversity, limiting the impact of a box being dead or unavailable for a period of time. My server is not dependent upon Bill Stearns' being up, only that I can continue to rsync frequently for updates, and even if I can't rsync, I can still serve whatever I last grabbed.
As long as you have sufficient variation in your name servers registered with the root name servers, anyone wanting to DDoS SURBL would have to hit a large number of boxes.
David