Name server proxies (Was: Re: [SURBL-Discuss] Openrbl.org)

David Coulson david at davidcoulson.net
Fri Apr 16 21:03:46 CEST 2004


Jeff Chan wrote:
> I'm wondering if doing the same with DNS traffic would be
> possible or advisable as a way to protect the name servers.
> On the other hand if the proxies get DOSsed off the Internet,
> I'm not sure how much they would be helping at that point...

As one can have multiple NS entries for a zone, DNS has some degree of 
built-in diversity, limiting the impact of a box being dead or 
unavailable for a period of time. My server is not dependent upon Bill 
Stearns' being up, only that I can continue to rsync frequently for 
updates, and even if I can't rsync, I can still serve whatever I last 
grabbed.

As long as you have sufficient variation in your name servers registered 
with the root name servers, anyone wanting to DDOS SURBL would have to 
hit a large number of boxes.

David

-- 
David Coulson                                    email: d at vidcoulson.com
Linux Developer /                          web: http://davidcoulson.net/
Network Engineer                                   phone: (216) 533-6967
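
The behaviour described in the reply above (keep answering from the last copy when a sync fails), as an added example that is not part of the original post or SURBL's own tooling: a mirror refresh that swaps in a new data file only after a complete, non-empty transfer. The rsync source, the file paths, the helper names and the sanity check are all assumptions.

```python
import os
import subprocess
import tempfile

def rsync_fetch(source, dest):
    """Pull one file with rsync; raises CalledProcessError on a failed transfer."""
    subprocess.run(["rsync", "-t", "--timeout=60", source, dest], check=True)

def looks_sane(path, min_records=1):
    """Assumed sanity check: reject empty or comment-only downloads."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        records = [ln for ln in fh if ln.strip() and not ln.startswith("#")]
    return len(records) >= min_records

def refresh(live_path, fetch):
    """Fetch into a temp file beside live_path, then swap it in atomically.

    Returns True if the live copy was replaced, False if the previous copy
    was kept (upstream unreachable, transfer failed, or download not sane).
    """
    directory = os.path.dirname(os.path.abspath(live_path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".incoming-")
    os.close(fd)
    try:
        fetch(tmp)
        if not looks_sane(tmp):
            return False
        os.chmod(tmp, 0o644)          # mkstemp creates 0600; the name server must read it
        os.replace(tmp, live_path)    # atomic rename: readers see old or new, never partial
        return True
    except (subprocess.CalledProcessError, OSError):
        return False                  # keep serving whatever was last grabbed
    finally:
        if os.path.exists(tmp):
            os.remove(tmp)

# Hypothetical use from cron (source URL and path are placeholders):
# refresh("/var/lib/mirror/zone.data",
#         lambda tmp: rsync_fetch("rsync://upstream.example.invalid/zone/data", tmp))
```

A False return is worth logging and alerting on, since a mirror that keeps failing to sync stays up but serves increasingly stale data.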


