Educause Security Discussion mailing list archives
Re: Hosting Another IHE's Web Services in the Event of a Disaster
From: "Clark, Joseph K" <ClarkJK () COFC EDU>
Date: Mon, 23 Oct 2006 16:06:45 -0400
The whole ttl question reminded me of a Slashdot article awhile back,
http://ask.slashdot.org/article.pl?sid=05/04/18/198259

Thanks,
Joseph Clark
Senior Network Engineer
IT, College of Charleston
(843) 953-3846 | clarkjk () cofc edu

-----Original Message-----
From: Harry Flowers [mailto:flowers () MEMPHIS EDU]
Sent: Monday, October 23, 2006 10:51 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Hosting Another IHE's Web Services in the Event of a Disaster

You don't have to use your ISP as your DNS backup. In fact, if the problem is *at* your ISP, you'd be better off with someone who has a different ISP, especially if we're talking about getting to a server at another site that also didn't depend on that ISP. Pretty much anyone can be a secondary... You want it to be someone you have a degree of trust with, because they have the potential to change at least their instance of your DNS records, which can be used for "man in the middle" attacks. (See, we got back to security. ;-)

About DNS TTL's, you can set them per record, so you could set up a handful of critical ones where you have a backup at another site to be lower than the default for your site. That way, there's only an increased load for that handful of address lookups (though, given the nature of what we're trying to accomplish, they may be the most heavily used ones).

--
Harry Flowers
Manager, Systems Software
Information Technology Division
The University of Memphis
(901) 678-3650

-----Original Message-----
From: John Kaftan [mailto:jkaftan () UTICA EDU]
Sent: Monday, October 23, 2006 7:45 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Hosting Another IHE's Web Services in the Event of a Disaster

I tried to get a secondary DNS setup offsite but our DNS guy shot it down. He said that the Tier1 DNS providers force an extended TTL to save traffic and cycles on their DNS servers. Therefore, no matter what you set your TTL to, some folks will not be able to get to your backup site for an extended period of time. Has anyone experienced this?

I am looking to do this anyway in the near future as we are going to switch ISPs soon and I want to ease the pain of re-numbering.

-----Original Message-----
From: Valdis Kletnieks [mailto:Valdis.Kletnieks () VT EDU]
Sent: Friday, October 20, 2006 6:48 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Hosting Another IHE's Web Services in the Event of a Disaster

On Fri, 20 Oct 2006 16:22:15 CDT, Harry Flowers said:

> We're doing that with another university in our state system that's about 200 miles away. To answer the additional question about DNS, we have a secondary at yet a different university in a different state. At the minimum, you'd want a secondary at your host site if nowhere else. In the event of an emergency where none of your services were available, you'd need to have someone edit the secondary manually to change the IP address for your primary web server.

The part people who do this *always* manage to forget is to publish the DNS entries with a low enough TTL to matter - if www.yourschool.edu has a 5-day TTL on it, it's likely going to be several days before some places notice.
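
Added example, not part of any message in this thread: a small Python check for the per-record TTL point discussed above. It reads a simplified BIND-style zone and lists the critical names whose cached answers could outlive a chosen failover window. The zone contents, the names in it and the function names are constructed for illustration, and the parser assumes one record per line with the owner name written out.

```python
import re

# Constructed sample zone: hypothetical names, documentation addresses.
SAMPLE_ZONE = """\
$TTL 5d
@          IN SOA   ns1.example.edu. hostmaster.example.edu. (2006102301 1h 15m 2w 1h)
@          IN NS    ns1.example.edu.
www    5m  IN A     192.0.2.10   ; failover target, short TTL
mail       IN A     192.0.2.25   ; inherits the 5-day default
portal 1h  IN CNAME www.example.edu.
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"\d+|(?:\d+[smhdw])+", re.IGNORECASE)

def ttl_seconds(text):
    """Convert a BIND-style TTL such as '300', '5m' or '1d12h' to seconds."""
    if not TTL_RE.fullmatch(text):
        raise ValueError(f"not a TTL: {text!r}")
    if text.isdigit():
        return int(text)
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw])", text.lower()))

def effective_ttls(zone_text):
    """Map (owner, type) to TTL in seconds for A, AAAA and CNAME records."""
    default, ttls = None, {}
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()   # drop comments, then tokenize
        if not fields:
            continue
        if fields[0].upper() == "$TTL":
            default = ttl_seconds(fields[1])
            continue
        owner, rest, ttl = fields[0], fields[1:], default
        # An explicit TTL and the class may come in either order before the type.
        while rest and (TTL_RE.fullmatch(rest[0]) or rest[0].upper() == "IN"):
            if TTL_RE.fullmatch(rest[0]):
                ttl = ttl_seconds(rest[0])
            rest = rest[1:]
        if rest and rest[0].upper() in ("A", "AAAA", "CNAME"):
            ttls[(owner, rest[0].upper())] = ttl
    return ttls

def slow_failover(zone_text, critical, max_ttl):
    """Critical names whose cached answers can outlive max_ttl seconds."""
    return sorted(owner for (owner, _), ttl in effective_ttls(zone_text).items()
                  if owner in critical and (ttl is None or ttl > max_ttl))
```

Running the same check against the copy of the zone served by the offsite secondary shows whether its records still match what the primary publishes.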