<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Forwarder selection has been based on
RTTs for quite a while now. So, if what you're trying to protect
against is your "primary" forwarders being DoS'ed, why not just
define your "primary" and "backup" forwarders in the same
forwarder list? Due to RTT calculations, the "backup" forwarders
would normally not be used (much), if they're slower, but in the
DoS scenario, the queries would automatically fail over.<br>
<br>
If your "backup" forwarders are *not* significantly slower than
your "primary" ones, then *all*the*more*reason* for them to be in
the forwarder list, in order to provide ongoing DoS protection.
(Unless they're more expensive to use, perhaps? In that case, you
might want to look into some sort of rate-limiting-based and/or
load-balancer-based solution).<br>
<br>
- Kevin<br>
<br>
On 5/3/2014 9:15 PM, houguanghua wrote:<br>
</div>
<blockquote cite="mid:BAY173-W27B462F5B1CA5D53884B75BB4D0@phx.gbl"
type="cite">
<div dir="ltr">Dave,<br>
<br>
Sorry for the delayed reply.<br>
<br>
These zones are not owned by the ISP, such as: yahoo.com,
facebook.com...<br>
If such a backup DNS server is ready, the ISP will talk to these web
sites to keep in synchronization with their authoritative NSs.<br>
It may be a huge project.<br>
<br>
Thanks,<br>
Guanghua hou<br>
<br>
<div><br>
> <br>
> Message: 1<br>
> Date: Tue, 29 Apr 2014 22:08:22 -0700<br>
> From: Dave Warren <a class="moz-txt-link-rfc2396E" href="mailto:davew@hireahit.com"><davew@hireahit.com></a><br>
> To: <a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
> Subject: Re: How to setup a backup NameServer?<br>
> Message-ID: <a class="moz-txt-link-rfc2396E" href="mailto:53608546.4050007@hireahit.com"><53608546.4050007@hireahit.com></a><br>
> Content-Type: text/plain; charset="iso-8859-1";
Format="flowed"<br>
> <br>
> On 2014-04-29 18:50, houguanghua wrote:<br>
> > A lot of zones will be supported. All popular zones
in the ISP.<br>
> > Maybe the best solution is to hire some custom
programming to develop <br>
> > private system.<br>
> <br>
> How will you obtain copies of "all popular zones"? Are
you just talking <br>
> about zones you host, or things like Google?<br>
> <br>
> -- <br>
> Dave Warren<br>
> <a class="moz-txt-link-freetext" href="http://www.hireahit.com/">http://www.hireahit.com/</a><br>
> <a class="moz-txt-link-freetext" href="http://ca.linkedin.com/in/davejwarren">http://ca.linkedin.com/in/davejwarren</a><br>
> <br>
</div>
</div>
<br>
</blockquote>
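<div>The single-list approach described in the reply above, as a named.conf fragment. This is an added example, not configuration posted in the thread; every address is a documentation-range placeholder, and the choice of "forward first" is an assumption.</div>

```conf
// Constructed example: placeholder addresses, not taken from the thread.

// Before: only the "primary" forwarders are listed, so a DoS against
// both of them leaves named with no forwarder to fail over to.
//
// options {
//     forward first;
//     forwarders { 192.0.2.1; 192.0.2.2; };
// };

// After: "primary" and "backup" forwarders share one list. Forwarder
// selection is RTT-based, so slower backups normally see little traffic
// and take over once the primaries stop answering.
options {
    // "forward first" is the default mode: if no forwarder answers,
    // named tries to resolve the query itself. "forward only" disables
    // that fallback, which makes the backup entries matter even more.
    forward first;

    forwarders {
        192.0.2.1;       // "primary" forwarder (placeholder)
        192.0.2.2;       // "primary" forwarder (placeholder)
        198.51.100.1;    // "backup" forwarder (placeholder)
        198.51.100.2;    // "backup" forwarder (placeholder)
    };
};
```

<div>Run named-checkconf against the edited file before reloading named.</div>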
<br>
</body>
</html>