nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Register.com DNS outages

From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Sun, 14 Nov 2010 14:59:51 -0500
On Nov 14, 2010, at 2:28 PM, Brandon Kim wrote:


Isn't using register.com considered outsourcing? 

In fact, I'd probably feel better not outsourcing to a big shop who is such a big target.....a little security 
through obscurity doesn't hurt.... =)


All you have done is trade one hope (big shop is big enough to sustain an attack) for another hope (little shop which 
can't handle any DoS doesn't get DoS'ed).

Security through obscurity is not useless, but it is not a complete solution.  Some places are big targets but are 
massive enough to not go down.  Some places are small but still spend the time, effort, and money to keep their systems 
up.  It is more than just how big a target you are.  These days, any piss-ant hax0r can command 10s of 1000s of bots, 
and get pissed at any little site (domain / hostname / etc.) for any reason.  Everyone needs to be prepared.

A little research will tell you who has and who does not have the ability to support your needs.  Then you make a 
business decision about how much downtime costs vs. how much uptime costs.

Or you can host your own two name servers in the same rack of the same colo with two adjacent IP addresses in a /24 
owned by the hosting center.  That's about as "obscure" as you can get.  Then see how your security through obscurity 
works. :)

-- 
TTFN,
patrick



Subject: Re: Register.com DNS outages
Date: Sun, 14 Nov 2010 14:03:27 -0500
From: esanborn () tsd-inc com
To: fw () deneb enyo de; brandon.kim () brandontek com
CC: nanog () nanog org

Yes, however register.com does not allow their customers to list both their DNS servers and a customer's DNS server. 
End result is when the outage on their servers occurs you need to modify the config on their website so that it 
points back to your private DNS servers. Propagation delays are a pain....



----- Original Message -----
From: Florian Weimer <fw () deneb enyo de>
To: Brandon Kim <brandon.kim () brandontek com>
Cc: nanog group <nanog () nanog org>
Sent: Sun Nov 14 13:48:55 2010
Subject: Re: Register.com DNS outages

* Brandon Kim:


Times like this, makes you curious what kind of infrastructure
register.com has? How does one protect against DDOS?


You can outsource your DNS, but you better retain a server locally on
your network, so that you suffer less from that particular shared
toothbrush.
Previous By Date Next
Previous By Thread Next

Current thread: