<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Forwarder selection has been based on
      RTTs for quite a while now. So, if what you're trying to protect
      against is your "primary" forwarders being DoS'ed, why not just
      define your "primary" and "backup" forwarders in the same
      forwarder list? Due to RTT calculations, the "backup" forwarders
      would normally not be used (much), if they're slower, but in the
      DoS scenario, the queries would automatically fail over.<br>
      <br>
      If your "backup" forwarders are *not* significantly slower than
      your "primary" ones, then *all*the*more*reason* for them to be in
      the forwarder list, in order to provide ongoing DoS protection.
      (Unless they're more expensive to use, perhaps? In that case, you
      might want to look into some sort of rate-limiting-based and/or
      load-balancer-based solution).<br>
      <br>
                                                                     
                                                                     
                                  - Kevin<br>
      <br>
      On 5/3/2014 9:15 PM, houguanghua wrote:<br>
    </div>
    <blockquote cite="mid:BAY173-W27B462F5B1CA5D53884B75BB4D0@phx.gbl"
      type="cite">
      <div dir="ltr">Dave,<br>
         <br>
        Sorry for the delayed reply.<br>
         <br>
        These zones are not owned by the ISP, such as: yahoo.com,
        facebook.com...<br>
        If such a backup DNS server is ready, the ISP will talk to these web
        sites to keep synchronization with their authoritative NSs.<br>
        It may be a huge project.<br>
         <br>
        Thanks,<br>
        Guanghua hou<br>
         <br>
        <div><br>
          > <br>
          > Message: 1<br>
          > Date: Tue, 29 Apr 2014 22:08:22 -0700<br>
          > From: Dave Warren <a class="moz-txt-link-rfc2396E" href="mailto:davew@hireahit.com"><davew@hireahit.com></a><br>
          > To: <a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
          > Subject: Re: How to setup a backup NameServer?<br>
          > Message-ID: <a class="moz-txt-link-rfc2396E" href="mailto:53608546.4050007@hireahit.com"><53608546.4050007@hireahit.com></a><br>
          > Content-Type: text/plain; charset="iso-8859-1";
          Format="flowed"<br>
          > <br>
          > On 2014-04-29 18:50, houguanghua wrote:<br>
          > > A lot of zones will be supported. All popular zones
          in the ISP.<br>
          > > Maybe the best solution is to hire some custom
          programming to develop a<br>
          > > private system.<br>
          > <br>
          > How will you obtain copies of "all popular zones"? Are
          you just talking <br>
          > about zones you host, or things like Google?<br>
          > <br>
          > -- <br>
          > Dave Warren<br>
          > <a class="moz-txt-link-freetext" href="http://www.hireahit.com/">http://www.hireahit.com/</a><br>
          > <a class="moz-txt-link-freetext" href="http://ca.linkedin.com/in/davejwarren">http://ca.linkedin.com/in/davejwarren</a><br>
          > <br>
        </div>
      </div>
    </blockquote>
    <br>
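    <p>Added example, not part of the original messages and not BIND's own code: a simplified Python model of the RTT-based forwarder selection described in the reply above, showing a slower "backup" forwarder in the same list being used rarely until the "primary" stops answering. The smoothing weights, timeout, per-query decay and latencies are assumed values chosen for illustration.</p>

```python
# Simplified model of RTT-based forwarder selection (illustration only, not BIND's code).
# Assumed values: 2 s timeout, 0.7/0.3 smoothing, 2% decay per query for untried servers.
TIMEOUT_MS = 2000.0


class Forwarder:
    def __init__(self, name, rtt_ms):
        self.name = name
        self.rtt_ms = rtt_ms   # real latency to this forwarder (constructed value)
        self.up = True         # False while the forwarder is being DoS'ed
        self.srtt = 0.0        # smoothed RTT estimate kept by the resolver
        self.answered = 0


def resolve(forwarders):
    """Send one query, trying forwarders in order of lowest smoothed RTT."""
    order = sorted(forwarders, key=lambda f: f.srtt)
    for i, fwd in enumerate(order):
        if fwd.up:
            fwd.srtt = 0.7 * fwd.srtt + 0.3 * fwd.rtt_ms
            fwd.answered += 1
            # Forwarders that were not tried slowly look better, so they
            # are re-probed now and then and can win again once they recover.
            for other in order[i + 1:]:
                other.srtt *= 0.98
            return fwd.name
        # Timeout: penalise heavily so the next query prefers another forwarder.
        fwd.srtt = 0.7 * fwd.srtt + 0.3 * TIMEOUT_MS
    return None  # every forwarder in the list timed out


def simulate(queries=1000):
    primary = Forwarder("primary", rtt_ms=10.0)
    backup = Forwarder("backup", rtt_ms=80.0)
    fwds = [primary, backup]
    for _ in range(queries):
        resolve(fwds)
    normal = (primary.answered, backup.answered)

    primary.up = False                      # the "primary" is now unreachable
    primary.answered = backup.answered = 0
    failed = sum(1 for _ in range(queries) if resolve(fwds) is None)
    return normal, (primary.answered, backup.answered), failed


if __name__ == "__main__":
    normal, under_dos, failed = simulate()
    print("normal   (primary, backup):", normal)
    print("DoS      (primary, backup):", under_dos, "unanswered:", failed)
```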
  </body>
</html>