Name server proxies (Was: Re: [SURBL-Discuss] Openrbl.org)
David Coulson
david at davidcoulson.net
Fri Apr 16 21:03:46 CEST 2004
Jeff Chan wrote:

> I'm wondering if doing the same with DNS traffic would be
> possible or advisable as a way to protect the name servers.
> On the other hand if the proxies get DOSsed off the Internet,
> I'm not sure how much they would be helping at that point...

As one can have multiple NS entries for a zone, DNS has some degree of
built-in diversity limiting the impact of a box being dead or
unavailable for a period of time. My server is not dependent upon Bill
Stearns' being up, only that I can continue to rsync frequently for
updates, and even if I can't rsync, I can still serve whatever I last
grabbed.

As long as you have sufficient variation in your name servers registered
with the root name servers, anyone wanting to DDOS SURBL would have to
hit a large number of boxes.

David
--
David Coulson email: d at vidcoulson.com
Linux Developer / web: http://davidcoulson.net/
Network Engineer phone: (216) 533-6967