This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[dns-wg] New DNS server
- Previous message (by thread): [dns-wg] New DNS server
- Next message (by thread): [dns-wg] New DNS server
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Joerg Schumacher
schuma at gaertner.de
Wed Sep 10 02:41:05 CEST 2003
>> We currently have two DNS servers : brainy1.ie-eg.com and >> brainy2.ie-eg.com We want to add a new DNS server >> brainy4.ie-eg.com > >it would be even brainier if you read rfc 2182 section 3, and put >at least one server at a tolpologically and geographically diverse >location. A pointer to a best current practice document is always helpful. RFC 2182 is getting old, I guess I'd also recommend that recursion is disabled on the servers. A "dig version.bind txt chaos @brainy1.ie-eg.com" returns 8.2.3-REL-IDNS. If this is an unpatched version you might want to read http://www.isc.org/products/BIND/bind-security.html. I still wonder why so many DNS operators don't pay attention to RFC 2182. Lots of domains have all their nameservers in a single AS. The worst example for what can go wrong I've seen so far was the trouble of web.de (a large freemailer in Germany) back in the last summer: They were multihomed but had both nameservers only connected via AS517. The KPNQwest network went suddenly down and both servers were unreachable. IIRC web.de somehow managed to get an "emergency rebuild" of the .de zone from DENIC. Did they learn something from this sad event? Nope: Both servers are again connected via a single AS. Joerg
- Previous message (by thread): [dns-wg] New DNS server
- Next message (by thread): [dns-wg] New DNS server
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]