All name servers on one segment?

Adam Lang aalang at rutgersinsurance.com
Tue May 8 03:42:55 UTC 2001


I'd assume it is bad practice to have your backup DNS servers on the same
segment (if you can avoid it).  Like you said, one disaster can take out all
DNS resolution.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com
----- Original Message -----
From: "Kenneth Porter" <shiva at well.com.invalid>
Newsgroups: comp.protocols.dns.bind
To: <comp-protocols-dns-bind at moderators.isc.org>
Sent: Monday, May 07, 2001 7:03 AM
Subject: All name servers on one segment?


> Given the recent DNS attack on Microsoft, does it make sense for a large
> site to have all its name servers on one segment?
>
> I'm a HostPro hosting customer and I've noted that all their name servers
> are in 209.196.128/24. That seems particularly vulnerable.
>
> HostPro also doesn't keep domain records consistent with root records: For
> my two accounts they list dns[12].hostpro.net as my name servers in NSI's
> records, but the domain itself (sewingwitch.com) lists
> dns[12].netlimited.net for NS records. All 4 servers are in the same
> netblock, which suggests a single point of failure.
>
> HostPro just announced that Miss Universe is hosting with them, and
> missuniverse.com suffers from the same problem. The missuniverse.com NS
> records list 2 more servers in the same netblock, dns[12].netservers.net.
>
> For an economy hosting service, HostPro has done a pretty good job for me.
> Their handling of DNS leaves me a bit less than confident, though. Are my
> concerns misplaced?
>
> --
> Kenneth Porter
> http://www.sewingwitch.com/ken/
> Remove 'invalid' for correct email address



More information about the bind-users mailing list