How to setup a backup NameServer?

Steven Carr sjcarr at gmail.com
Tue Apr 29 07:19:34 UTC 2014


On 29 April 2014 07:06, houguanghua <houguanghua at hotmail.com> wrote:
> Hi Kevin,
>
> Stealth slaves can't be used as backup NS server. This backup server can't
> be accessed by all internet users.
> It can only be accessed by users from one ISP.  It's used when all authority
> NSs are down, especially in case of DDoS attack.
>
> Guanghua Hou

That's not how DNS works; DNS is a distributed system for that precise reason.

Why would you only want users of a single ISP to be able to resolve a
domain if the primary nameservers are down? What happens if the
primary nameservers are down for more than SOA Expire time? Your
secondaries will stop serving the zone anyway as they haven't been
able to refresh it from the primary master.

You asked this same question a few months ago without explaining why
you are wanting to do this and got roughly the same answers.

If you own the zone and know the IP address range used by the ISP then
you can create a separate view that contains your additional
nameserver that no one else will know about, though they still might
not be able to access it if the primary nameserver is down and the
additional nameserver isn't in the parent's glue records (clients
wouldn't be able to find it). But if you don't own the zone then there
is nothing you can do; it's not your zone to mess with.

If you're trying to mitigate DDoS, look at bigger boxes, faster
bandwidth, packet filtering and DNS Anycast.

Steve
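
A sketch of the separate-view setup described in the reply above, added here as an illustration and not taken from the thread. The zone name, file paths and addresses (documentation ranges) are assumptions. It does not touch the parent's delegation, so the glue-record caveat in the reply still applies.

```conf
// named.conf on the primary (constructed example; every name, path and
// address below is a placeholder, not a value from the thread)

acl "isp-clients" {
    192.0.2.0/24;      // assumed address range of the ISP
    198.51.100.53;     // assumed address of the extra nameserver, so its
                       // zone transfers are answered from the "isp" view
};

// Views are matched in order, so the restricted view must come first.
view "isp" {
    match-clients { "isp-clients"; };
    recursion no;
    zone "example.com" {
        type master;
        // This copy of the zone carries one more NS record (and its A
        // record) than the public copy:
        //   example.com.            NS  ns-backup.example.com.
        //   ns-backup.example.com.  A   198.51.100.53
        file "zones/isp/example.com.db";
        allow-transfer { 198.51.100.53; };
    };
};

view "public" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "zones/public/example.com.db";  // normal NS set only
    };
};

// named.conf on the extra nameserver (198.51.100.53 in this sketch)
zone "example.com" {
    type slave;
    masters { 203.0.113.1; };           // assumed address of the primary
    file "slaves/example.com.db";
    allow-query { 192.0.2.0/24; };      // answer the ISP's range only
};
```

The extra server is still a secondary: once it has failed to refresh from the primary for longer than the SOA Expire value, it stops answering for the zone like any other.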

