[132104] in North American Network Operators' Group
Re: Register.com DNS outages
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Sun Nov 14 14:59:57 2010
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <BLU158-w177F637BA392E5A465DA4CDC350@phx.gbl>
Date: Sun, 14 Nov 2010 14:59:51 -0500
To: nanog group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Nov 14, 2010, at 2:28 PM, Brandon Kim wrote:
> =08Isn't using register.com considered outsourcing?=20
>=20
> In fact, I'd probably feel better not outsourcing to a big shop who is =
such a big target.....a little security through obscurity doesn't =
hurt.... =3D)
All you have done is trade one hope (big shop is big enough to sustain =
an attack) for another hope (little shop which can't handle any DoS =
doesn't get DoS'ed).
Security through obscurity is not useless, but it is not a complete =
solution. Some places are big targets but are massive enough to not go =
down. Some places are small but still spend the time, effort, and money =
to keep their systems up. It is more than just how big a target you =
are. These days, any piss-ant hax0r can command 10s of 1000s of bots, =
and get pissed at any little site (domain / hostname / etc.) for any =
reason. Everyone needs to be prepared.
A little research will tell you who has and who does not have the =
ability to support your needs. Then you make a business decision about =
how much downtime costs vs. how much uptime costs.
Or you can host your own two name servers in the same rack of the same =
colo with two adjacent IP addresses in a /24 owned by the hosting =
center. That's about as "obscure" as you can get. Then see how your =
security through obscurity works. :)
--=20
TTFN,
patrick
>> Subject: Re: Register.com DNS outages
>> Date: Sun, 14 Nov 2010 14:03:27 -0500
>> From: esanborn@tsd-inc.com
>> To: fw@deneb.enyo.de; brandon.kim@brandontek.com
>> CC: nanog@nanog.org
>>=20
>> Yes, however register.com does not allow their customers to list both =
their DNS servers and a customer's DNS server. End result is when the =
outage on their servers occurs you need to modify the config on their =
website so that it points back to your private DNS servers. Propagation =
delays are a pain....
>>=20
>>=20
>>=20
>> ----- Original Message -----
>> From: Florian Weimer <fw@deneb.enyo.de>
>> To: Brandon Kim <brandon.kim@brandontek.com>
>> Cc: nanog group <nanog@nanog.org>
>> Sent: Sun Nov 14 13:48:55 2010
>> Subject: Re: Register.com DNS outages
>>=20
>> * Brandon Kim:
>>=20
>>> Times like this, makes you curious what kind of infrastructure
>>> register.com has? How does one protect against DDOS?
>>=20
>> You can outsource your DNS, but you better retain a server locally on
>> your network, so that you suffer less from that particular shared
>> toothbrush.
>>=20
> =20
