Cache only and reverse mapping
Matus UHLAR - fantomas
uhlar at fantomas.sk
Tue Dec 20 10:13:48 UTC 2011
On 19.12.11 11:40, sasa sasa wrote:
>>> I'm trying to setup a DNS for an ISP, this ISP's DNS is in
>>> delegation tree (answering world), and I know about cache
>>> vulnerabilities so I was wondering what is the best solution for
>>> By separating cache from authorities, you mean implementing 2 DNSs
>>> (2 different IPs)? This doesn't sound practical.
>>Wait, it's not "practical" for an ISP to serve different logical
>> functions on different IP addresses?
>>What kind of ISP is this?
> My fault, apparently I was not thinking straight, I was thinking that
> we should give customers 2 DNSs IPs for 2 separate functions!! Now I
> feel totally stupid, thanks Kevin.
well, you _should_ give customers 2 IPs for recursive dNS service, and
2 hostnames (with different IPs) for DNS zones' NS records.
They _should_ run on different servers, or at least views.
Some customers do reregister their domains to different DNS providers,
and later complain that you provide old zones to your other customers
(because they did not tell you that you should stop providing them).
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet.
More information about the bind-users