How to setup a backup NameServer?

Matus UHLAR - fantomas uhlar at
Wed Apr 30 14:07:32 UTC 2014

On 29.04.14 10:24, houguanghua wrote:
>I'm designing how to protect DNS for an ISP. The zones are not owned by the
> ISP.  The ISP wants to proect the DNS query during attacking.

>So it's not standard DNS solution.  During the attacking, the backup server
> will provide the DNS query and it works even if it can't refresh zones
> from primary NS.  Backup server is configured the private IP of this ISP. 
> All local DNS servers of this ISP knows where is the backup server.

ISP should just run a few recursive DNS servers for its clients.

They do not need to be accessible from the internet, only from its
customers' IPs.

Simply run a few DNS servers for your (and your clients) DNS zones, that do
not provide recursive DNS (only zones) and a few DNS servers that only
server recursive DNS for ISP clients.

This is (or at least should be) standard DNS servers' configuration at any

Matus UHLAR - fantomas, uhlar at ;
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen display 16.7 million colors

More information about the bind-users mailing list