Name server proxies (Was: Re: [SURBL-Discuss]

David Coulson david at
Fri Apr 16 21:03:46 CEST 2004

Jeff Chan wrote:
> I'm wondering if doing the same with DNS traffic would be
> possible or advisable as a way to protect the name servers.
> On the other hand if the proxies get DOSsed off the Internet,
> I'm not sure how much they would be helping at that point...

As one can have multiple NS entries for a zone, DNS has some degree of 
built in diversity limiting the impact of a box being dead or 
unavailable for a period of time. My server is not dependent upon Bill 
Stearns' being up, only that I can continue to rsync frequently for 
updates, and even if I can't rsync, I can still serve whatever I last 

As long as you have sufficient variation in your name servers registered 
with the root name servers, anyone wanting to DDOS SURBL would have to 
hit a large number of boxes.


David Coulson                                    email: d at
Linux Developer /                          web:
Network Engineer                                   phone: (216) 533-6967

More information about the Discuss mailing list