nanog mailing list archives
Re: maybe a dumb idea on how to fix the dns problems i don't know....
From: Colin Alston <karnaugh () karnaugh za net>
Date: Mon, 11 Aug 2008 14:38:07 +0200
Joe Greco wrote:
Unix machines set up by anyone with half a brain run a local caching server, and use forwarders. IE, the nameserver process can establish a persistent TCP connection to its trusted forwarders, if we just let it.

Organizations often choose not to do this because doing so involves more risk and more things to update when the next vulnerability appears. In many cases, you are suggesting additional complexity and management requirements. A hosting company, for example, might have 20 racks of machines with 40 machines each, which is 800 servers. If half of those are UNIX, then you're talking about 402 nameservers instead of just 2.

[Customers] <--/UDP/--> [DNS Cache] <--/TCP/--> [DNS servers]

Not so?

Of course, one shouldn't let the rest of the internet touch your DNS Cache query interface... but that's just obvious.
I mentioned this a while ago though, so I demand credit ;P Also, I think there is probably an IETF DNS WG list where this fits on topic (I have no idea what it may be though).
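
The transport split in the diagram above, sketched as an added example that is not part of the original message: a relay that accepts UDP queries only from customer networks and forwards them over one persistent TCP connection to a trusted forwarder. It does no caching; `ALLOWED_NETS`, `UPSTREAM` and all function names are assumptions chosen for illustration.

```python
import ipaddress
import socket
import struct

# Assumed values for illustration (private and documentation address ranges).
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # customer networks
UPSTREAM = ("192.0.2.53", 53)                        # trusted forwarder

def client_allowed(addr: str) -> bool:
    """Only customers may use the query interface; everyone else is dropped."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ALLOWED_NETS)

def frame(msg: bytes) -> bytes:
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(msg)) + msg

def read_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("upstream closed the connection")
        buf += chunk
    return buf

def read_framed(sock) -> bytes:
    (length,) = struct.unpack("!H", read_exact(sock, 2))
    return read_exact(sock, length)

def serve(listen=("0.0.0.0", 53)):
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(listen)
    tcp = None  # persistent connection to the forwarder, opened lazily
    while True:
        query, client = udp.recvfrom(4096)
        if not client_allowed(client[0]):
            continue  # silently ignore sources outside the customer networks
        for _ in range(2):  # one retry if the persistent connection has died
            try:
                if tcp is None:
                    tcp = socket.create_connection(UPSTREAM, timeout=5)
                tcp.sendall(frame(query))
                udp.sendto(read_framed(tcp), client)
                break
            except OSError:
                if tcp is not None:
                    tcp.close()
                tcp = None

if __name__ == "__main__":
    serve()
```

A TCP answer can be larger than the UDP client is able to accept; a real cache would truncate the reply and set the TC bit instead of relaying it unchanged.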