comments on special DNS setup?
Nate Duehr
nate at natetech.com
Wed Aug 30 23:05:52 UTC 2000
Agreed with Kevin, make sure to put your nameservers on different
networks with different Internet connectivity if possible.
My four hosting nameservers I maintain are located in three cities and
have at least two BGP peering routes out of each location onto a grand
total of five different backbone carriers.
Makes me sleep well at night. :)
On Wed, Aug 30, 2000 at 11:15:02AM +0000, christiantdk at my-deja.com wrote:
> I'm running DNS servers for an ISP. We have 2 servers which are both
> authoritative for our domains and also the servers our customers send
> their queries to.
>
> We have talked about splitting it up so we have 2 caching-only
> nameservers, and 3 authoritative nameservers which can only accept
> queries on the domains for which they are authoritative.
>
> The caching-only servers which probably will be the most exposed ones,
> only need to have udp port 53 permitted and not tcp since clients use
> udp, this would increase security quite a bit. The question is just if
> this has any disadvantages??
>
> As I see it, the 3 authoritative name servers don't need the root zone
> since they should not answer queries about domains other than those
> which they are authoritative for. But I'm not sure about CNAME records
> pointing to domains other than mine? But that would only be a problem
> if the server accepts recursive queries, which I guess it doesn't need
> to since it should only be servers which send queries to those
> servers?..
>
> Anyone have experience with such a setup? Any other ISPs?
>
>
> Regards
> Christiantdk
>
>
--
Nate Duehr <nate at natetech.com>
GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.
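
An added example, not part of the original message or of BIND: a small Python check that reads the header flags of a DNS response and reports whether a server behaves as the split in the quoted question expects (authoritative-only servers offer no recursion, caching servers do) and whether a reply was truncated over UDP, in which case the client retries on tcp/53. The role labels and the sample headers are constructed for this illustration.

```python
import struct

# DNS header flag masks (RFC 1035, section 4.1.1)
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080

def parse_flags(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header of a raw message."""
    if len(msg) < 12:
        raise ValueError("short DNS message: header needs 12 bytes")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": ident, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "tc": bool(flags & TC), "rd": bool(flags & RD),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "ancount": an}

def audit(role: str, msg: bytes) -> list:
    """Return findings for one response from a server of the given role.
    role is 'authoritative' or 'caching' (labels assumed for this example)."""
    h = parse_flags(msg)
    if not h["qr"]:
        return ["not a response"]
    findings = []
    if role == "authoritative" and h["ra"]:
        findings.append("recursion offered on authoritative-only server")
    if role == "authoritative" and h["rcode"] == 0 and h["ancount"] and not h["aa"]:
        findings.append("answer without AA: data is not from a zone it serves")
    if role == "caching" and not h["ra"]:
        findings.append("caching server does not offer recursion")
    if h["tc"]:
        findings.append("truncated over UDP: client will retry on tcp/53")
    return findings

def header(flags: int, ancount: int = 1) -> bytes:
    """Build a constructed 12-byte header for the samples below."""
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)

# Constructed sample responses (headers only), not captured traffic.
SAMPLES = {
    "auth_ok": ("authoritative", header(QR | AA | RD)),
    "auth_recursing": ("authoritative", header(QR | RD | RA)),
    "cache_truncated": ("caching", header(QR | TC | RD | RA, ancount=0)),
}

if __name__ == "__main__":
    for name, (role, msg) in SAMPLES.items():
        print(name, audit(role, msg) or ["ok"])
```

To use it against real servers, pass audit() the raw bytes of a UDP reply received from each nameserver.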