nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Akamai DNS Issue?

From: "Mark Radabaugh" <mark () amplex net>
Date: Wed, 16 Jun 2004 10:13:47 -0400


Workarounds and defences already exist, and have been in use for a long
time.


<long list removed>


Failures in master servers can be mitigated by having several of them;
simultaneous failure of all master servers can be managed to some
degree using appropriate SOA timers, so that slave servers provide
coverage while master servers are brought back into service.

Different styles of attack can be mitigated by different DNS hosting
strategies. A robustly-hosted zone will have an NS set that exhibits
several or all of these approaches (and others too).

The hosting of the root zone provides guidance, here.


Joe



But you don't say how to avoid failures caused by massive confusion when
maintaining a excessively complicated system....

Mark
Previous By Date Next
Previous By Thread Next

Current thread: