Educause Security Discussion mailing list archives

Re: Changing ISP?


From: John Kaftan <jkaftan () UTICA EDU>
Date: Wed, 4 Oct 2006 13:54:37 -0400

I tried this cheap method with a cable modem connection but I got shot down
by our DNS administrator.  He said it would not work for two reasons.

1. The secondary DNS is actually used heavily even if the primary is up.  So
it will not work to have your secondary DNS offsite and have it resolve your
website's address to your backup connection.  If you did this lots of folks
would be directed to your cable modem even if your primary was up.

2. It takes up to 48 hours for all of the Internet DNS servers' cache to
time out and re-query your DNS server for a host name.  Therefore you cannot
just have your primary and secondary DNS in-sync up until an outage and then
edit your secondary during the outage to point to your backup.

Do you have a different experience?

I like the mail server suggestion.  I believe in it.



-----Original Message-----
From: Graham Toal [mailto:gtoal () UTPA EDU]
Sent: Wednesday, October 04, 2006 11:47 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Changing ISP?

-- Money's an issue. You want survivability in case something goes wrong
   with an individual provider, but if you're buying from a top of the
   line provider, you're willing to assume that an outage (if one occurs),
   will be brief, and you just don't want to be COMPLETELY off the air
   during that time if that happens. In that case, you do something like
   buy a comfortably sized connection from the so-called tier one, but
   back it up with a (perhaps smaller) connection from a discount provider.
   Your capabilities are less, but so are your costs.

One scenario worth considering here: assume you're doing this "on cheap"
and won't have anywhere near the capacity on your backup line to do
regular business - what services are critical?

My guess, mostly just email.  So set up a second IP address on the
ether interface of your mail server (or better, add a second card)
and hook that up to a single static IP from a cable or DSL provider
(about $100/mo?); then set up a backup MX record for your mail server to
point to that second IP address.  When your main network goes down, you
will still receive incoming mail.  You may need to manually reconfigure
your mail server to send outgoing mail via that interface, or you might
be able to come up with some clever hack to do it automatically.

Cheap & nasty, but saves your ass from the most common complaint, which
is lost email.

Doing the same for web is much more complex and involves major hassles
with primary/secondary DNS.

Allowing people on campus to use a low-bandwidth backup in emergencies -
somehow prioritizing certain people's access to it - is a complex problem
with expensive solutions - so much so in fact that I doubt you'd even try
if all you have is a cheap DSL backup connection.

G
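
Added example, not part of either message: a small simulation of how a sending mail server walks MX records in preference order (RFC 5321, section 5.1), to show when the backup MX on the second link receives mail. The host names, documentation-range addresses and link labels are constructed assumptions.

```python
"""Simulate how a sending MTA picks among MX records (RFC 5321, section 5.1)."""
import random

# Constructed sample data: names and documentation-range addresses are assumptions.
MX_RECORDS = [            # (preference, exchange host)
    (20, "mail-backup.example.edu"),
    (10, "mail.example.edu"),
]
HOST_LINK = {             # address of each MX name and the uplink it sits on
    "mail.example.edu": ("192.0.2.25", "primary"),
    "mail-backup.example.edu": ("198.51.100.25", "cable"),
}

def mx_try_order(records, rng=None):
    """Lowest preference first; hosts with equal preference are shuffled."""
    rng = rng or random.Random()
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):
        hosts = by_pref[pref][:]
        rng.shuffle(hosts)
        order.extend(hosts)
    return order

def deliver(records, host_link, links_up):
    """Return (host, ip, attempts) for the first reachable exchanger, or
    (None, None, attempts) when every link is down and the sender must queue."""
    attempts = []
    for host in mx_try_order(records):
        ip, link = host_link[host]
        attempts.append(host)
        if link in links_up:   # stands in for a successful TCP connect to port 25
            return host, ip, attempts
    return None, None, attempts

if __name__ == "__main__":
    for up in ({"primary", "cable"}, {"cable"}, set()):
        print(sorted(up), "->", deliver(MX_RECORDS, HOST_LINK, up))
```

With both links up only the preference-10 host is contacted; the preference-20 host on the backup link is tried after the first connection attempt fails.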
