two NS servers on a single host

Bradley Giesbrecht brad at pixilla.com
Wed May 13 17:17:06 UTC 2009


Jeff, my apologies. I read the quoting levels wrong.


On May 13, 2009, at 8:01 AM, Bradley Giesbrecht wrote:

>
> On May 13, 2009, at 7:29 AM, Jeff Lightner wrote:
>
>> It is network redundancy only insofar as the DOS attack doesn't cause
>> your CPU and memory to get slammed.
>
> I would block the ip under attack upstream so no cpu or
> memory issues.
>
> I didn't claim anything other than there can be in fact value in
> having one computer on more than one network.
>
> This was in response to your comment "This would be completely  
> useless" which I disagree with.
>
> //Brad
>
>> If you're doing redundancy you really ought to do the whole thing by
>> getting another server and putting IT on the other network. Then you
>> don't have a single point of failure (unless they're both in the same
>> data center).
>>
>> If you really want to do two different IPs on one host you could
>> probably use views to accomplish this but that would be all within a
>> single BIND setup so your theoretical DOS attack would probably cause
>> both views to have issues.
>>
>> -----Original Message-----
>> From: bind-users-bounces at lists.isc.org
>> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Bradley
>> Giesbrecht
>> Sent: Wednesday, May 13, 2009 10:22 AM
>> To: Stephane Bortzmeyer
>> Cc: bind-users at lists.isc.org
>> Subject: Re: two NS servers on a single host
>>
>>
>> On May 13, 2009, at 6:51 AM, Stephane Bortzmeyer wrote:
>>
>>> On Wed, May 13, 2009 at 09:02:55PM +0800,
>>> Tech W. <techwww at yahoo.com.cn> wrote
>>> a message of 34 lines which said:
>>>
>>>> I want to give two NS records for my domain, each NS take each of
>>>> the IP set in the host.
>>>
>>> Why? This would be completely useless. RFC 1034 and other documents
>>> call for at least two name servers, for redundancy reasons. If the two
>>> name servers are on the same host, what's the point? There would be no
>>> gain in reliability.
>>
>> If you have ever had the ip for your name server the target of a dos
>> attack you could have blocked traffic to that ip and still had dns.
>>
>> Two networks to same host is network redundancy and has value.
>>
>>
>> //Brad
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>



