How to setup a backup NameServer?
kcd at chrysler.com
Sun May 4 18:06:23 UTC 2014
Forwarder selection has been based on RTTs for quite a while now. So, if
what you're trying to protect against is your "primary" forwarders being
DoS'ed, why not just define your "primary" and "backup" forwarders in
the same forwarder list? Due to RTT calculations, the "backup"
forwarders would normally not be used (much), if they're slower, but in
the DoS scenario, the queries would automatically fail over.
If your "backup" forwarders are *not* significantly slower than your
"primary" ones, then *all*the*more*reason* for them to be in the
forwarder list, in order to provide ongoing DoS protection. (Unless
they're more expensive to use, perhaps? In that case, you might want
into some sort of rate-limiting-based and/or load-balancer-based solution).
On 5/3/2014 9:15 PM, houguanghua wrote:
> sorry for the delay reply.
> These zones are not owned by ISP, such as: yahoo.com, facebook.com...
> If such backup dns server is ready, ISP will talk to these WEB sites
> to keep synchronization with their authority NSs.
> It's maybe a huge project.
> Guanghua hou
> > Message: 1
> > Date: Tue, 29 Apr 2014 22:08:22 -0700
> > From: Dave Warren <davew at hireahit.com>
> > To: bind-users at lists.isc.org
> > Subject: Re: How to setup a backup NameServer?
> > Message-ID: <53608546.4050007 at hireahit.com>
> > Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
> > On 2014-04-29 18:50, houguanghua wrote:
> > > A lot of zones will be supported. All popular zones in the ISP.
> > > Maybe the best solution is to hire some custom programming to develop
> > > private system.
> > How will you obtain copies of "all popular zones"? Are you just talking
> > about zones you host, or things like Google?
> > --
> > Dave Warren
> > http://www.hireahit.com/
> > http://ca.linkedin.com/in/davejwarren
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> > ------------------------------
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users