How to setup a backup NameServer?

Ryan Novosielski novosirj at
Wed Apr 30 05:23:48 UTC 2014

Hash: SHA1

On 04/29/2014 07:48 AM, /dev/rob0 wrote:
> On Tue, Apr 29, 2014 at 11:49:49AM +0100, Niall O'Reilly wrote:
>> At Tue, 29 Apr 2014 10:24:58 +0000, houguanghua wrote:
>>> Yes, I had asked the same question months ago. I'm designing
>>> how to protect DNS for an ISP. The zones are not owned by the
>>> ISP. The ISP wants to proect the DNS query during attacking. So
>>> it's not standard DNS solution. During the attacking, the
>>> backup server will provide the DNS query and it works even if
>>> it can't refresh zones from primary NS.
> 1.
>> Which (or how many) zones do you expect your backup server to
>> work for?
> (and why these zones in particular?)
> 2. Do you have zone transfer access for these zones? 3. How will
> you detect the attack and switch over to this "backup server"?
> You're asking for features which do not exist, and are unlikely to
> be in high demand. You're probably going to have to do/hire some
> custom programming, or else rethink the solution. I suspect the
> latter is your best bet.

To add a little to that: if it's a feature that doesn't exist and no
one wants, that often (though not always) means it's not a good idea.
DNS has been around a long time; everyone else has solved this problem
some other way (a couple of which have already been mentioned here).
There are a lot of ugly things ISP's do to DNS; I loathe all of them.
I suspect many customers do to.

- -- 
 ____*Note: UMDNJ is now Rutgers-Biomedical and Health Sciences*
 || \\UTGERS      |---------------------*O*---------------------
 ||_// Biomedical | Ryan Novosielski - Sr. Systems Programmer
 || \\ and Health | novosirj at - 973/972.0922 (2x0922)
 ||  \\  Sciences | OIT/Enterprise Infras. - ADMC 450, Newark
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird -


More information about the bind-users mailing list