Name server proxies (Was: Re: [SURBL-Discuss] Openrbl.org)

Jeff Chan jeffc at surbl.org
Fri Apr 16 18:18:10 CEST 2004


On Friday, April 16, 2004, 5:10:50 PM, Raymond Dijkxhoorn wrote:
>> As one can have multiple NS entries for a zone, DNS has some degree of
>> built in diversity limiting the impact of a box being dead or 
>> unavailable for a period of time. My server is not dependent upon Bill 
>> Stearns' being up, only that I can continue to rsync frequently for 
>> updates, and even if I can't rsync, I can still serve whatever I last 
>> grabbed.
>> 
>> As long as you have sufficient variation in your name servers registered 
>> with the root name servers, anyone wanting to DDOS SURBL would have to 
>> hit a large number of boxes.

> That, combined with views in the rootservers for the surbl.org domain can 
> be nice to have. Like Clamav mirrors currently work. Depending on the 
> source IP you get a set op nameservers listed. Based mostly on geographic 
> locations.

OK This sounds like I should be asking our secondaries to carry
the surbl.org parent domain also, right?  Then I would update the
root name servers to list all of them.

Please comment,

Jeff C.



More information about the Discuss mailing list