two NS servers on a single host

Jeff Lightner jlightner at water.com
Wed May 13 17:50:26 UTC 2009 

No worries.  Compared to some posts directed my way in various forums
(even this list) this was mild and I just wanted to set the record
straight.

In one list I'm on this kind of response would immediately result in a 3
day thread about why top posting (or bottom posting or in line posting
or maybe all 3) is evil and causes cancer.  :)

-----Original Message-----
From: Bradley Giesbrecht [mailto:brad at pixilla.com] 
Sent: Wednesday, May 13, 2009 1:17 PM
To: Bradley Giesbrecht
Cc: Jeff Lightner; bind-users at lists.isc.org
Subject: Re: two NS servers on a single host

Jeff, my apologies. I read the quoting levels wrong.


On May 13, 2009, at 8:01 AM, Bradley Giesbrecht wrote:

>
> On May 13, 2009, at 7:29 AM, Jeff Lightner wrote:
>
>> It is network redundancy only in so far the DOS attack doesn't cause
>> your CPU and memory to get slammed.
>
> I would block the block the ip under attack upstream so no cpu or  
> memory issues.
>
> I didn't claim anything other then there can be in fact value in  
> having one computer on more then one network.
>
> This was in response to your comment "This would be completely  
> useless" which I disagree with.
>
> //Brad
>
>> If you're doing redundancy you really ought to do the whole thing by
>> getting another server and putting IT on the other network.   Then  
>> you
>> don't have a single point of failure (unless they're both in the same
>> data center).
>>
>> If you really want to do two different IPs on one host you could
>> probably use views to accomplish this but that would be all within a
>> single BIND setup so your theoretical DOS attack would probably cause
>> both views to have issues.
>>
>> -----Original Message-----
>> From: bind-users-bounces at lists.isc.org
>> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Bradley
>> Giesbrecht
>> Sent: Wednesday, May 13, 2009 10:22 AM
>> To: Stephane Bortzmeyer
>> Cc: bind-users at lists.isc.org
>> Subject: Re: two NS servers on a single host
>>
>>
>> On May 13, 2009, at 6:51 AM, Stephane Bortzmeyer wrote:
>>
>>> On Wed, May 13, 2009 at 09:02:55PM +0800,
>>> Tech W. <techwww at yahoo.com.cn> wrote
>>> a message of 34 lines which said:
>>>
>>>> I want to give two NS records for my domain, each NS take each of
>>>> the IP set in the host.
>>>
>>> Why? This would be completely useless. RFC 1034 and other documents
>>> call for at least two name servers, for redundancy reasons. If the  
>>> two
>>> name servers are on the same host, what's the point? There would  
>>> be no
>>> gain in reliability.
>>
>> If you have ever had the ip for your name server the target of a dos
>> attack you could have blocked traffic to that ip and still had dns.
>>
>> Two networks to same host is network redundancy and has value.
>>
>>
>> //Brad
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>> Please consider our environment before printing this e-mail or  
>> attachments.
>> ----------------------------------
>> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or  
>> confidential information and is for the sole use of the intended  
>> recipient(s). If you are not the intended recipient, any  
>> disclosure, copying, distribution, or use of the contents of this  
>> information is prohibited and may be unlawful. If you have received  
>> this electronic transmission in error, please reply immediately to  
>> the sender that you have received the message in error, and delete  
>> it. Thank you.
>> ----------------------------------
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
 
Please consider our environment before printing this e-mail or attachments.
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------

More information about the bind-users mailing list