[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bind-users
Subject:    Re: Cache only and reverse mapping
From:       Matus UHLAR - fantomas <uhlar () fantomas ! sk>
Date:       2011-12-20 10:13:48
Message-ID: 20111220101348.GA31313 () fantomas ! sk
[Download RAW message or body]

On 19.12.11 11:40, sasa sasa wrote:
>>> I'm trying to setup a DNS for an ISP, this ISP's DNS is in =

>>> delegation tree (answering world), and I know about cache =

>>> vulnerabilities so I was wondering what is the best solution for =

>>> ISPs?
>>> By separating cache from authorities, you mean implementing 2 DNSs =

>>> (2 different IPs)?  This doesn't sound practical.

>>Wait, it's not "practical" for an ISP to serve different logical =

>> functions on different IP addresses?
>>What kind of ISP is this?

> My fault, apparently I was not thinking=A0straight, I was thinking that =

> we should give customers 2 DNSs IPs for 2=A0separate=A0functions!!  Now I =

> feel totally stupid, thanks Kevin.

well, you _should_ give customers 2 IPs for recursive dNS service, and =

2 hostnames (with different IPs) for DNS zones' NS records.
They _should_ run on different servers, or at least views.

Some customers do reregister their domains to different DNS providers, =

and later complain that you provide old zones to your other customers =

(because they did not tell you that you should stop providing them).

-- =

Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet. =

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri=
be from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
[prev in list] [next in list] [prev in thread] [next in thread]