[192157] in North American Network Operators' Group
Re: Dyn DDoS this AM?
daemon@ATHENA.MIT.EDU (joel jaeggli)
Fri Oct 21 19:04:48 2016
X-Original-To: nanog@nanog.org
To: David Birdsong <david@imgix.com>, Randy Bush <randy@psg.com>
From: joel jaeggli <joelja@bogus.com>
Date: Fri, 21 Oct 2016 16:04:41 -0700
In-Reply-To: <CAOMvUQc0eDVa=UUhUQOZbbyfQYk--oTumO8p_TE3NUMH--RnKQ@mail.gmail.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--glepOnbQT1KUsNAlUkES6n4WbUseaOFg7
From: joel jaeggli <joelja@bogus.com>
To: David Birdsong <david@imgix.com>, Randy Bush <randy@psg.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Message-ID: <0823e08b-77bc-6510-d611-62792fa45566@bogus.com>
Subject: Re: Dyn DDoS this AM?
References: <CAC1-dt=AK-f7AeeqnM4k3O0Ev+2bAbpJMObcmV7vfQp2Mf8kmA@mail.gmail.com>
<m24m45wej6.wl-randy@psg.com>
<CAOMvUQc0eDVa=UUhUQOZbbyfQYk--oTumO8p_TE3NUMH--RnKQ@mail.gmail.com>
In-Reply-To: <CAOMvUQc0eDVa=UUhUQOZbbyfQYk--oTumO8p_TE3NUMH--RnKQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
On 10/21/16 3:21 PM, David Birdsong wrote:
> On Fri, Oct 21, 2016 at 2:58 PM, Randy Bush <randy@psg.com> wrote:
>
>> anyone who relies on a single dns provider is just asking for stuff su=
ch
>> as this.
>>
>> randy
>>
> I'd love to hear how others are handling the overhead of managing two d=
ns
> providers. Every time we brainstorm on it, we see it as blackhole of en=
g
> effort WRT to keeping them in sync and and then waiting for TTLs to cut=
an
> entire delegation over.
Not all the ones you might choose based on scale support axfr... That's
a bit of a problem for the most traditional approach to this., of those=20
that do it's straight-forward to use one as the master for another, or
use a hidden master. Your own master may have demonstrably lower
availability then one or the other of your providers. getting two well
considered choices to play nice with each other isn't that hard.
--glepOnbQT1KUsNAlUkES6n4WbUseaOFg7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iEYEARECAAYFAlgKnwoACgkQ8AA1q7Z/VrKb2gCggdfTTciiR7EHnRwIJh8iFTMe
/gwAniWfzW6FRiZC6gIgalt24LyuZdSw
=uKyk
-----END PGP SIGNATURE-----
--glepOnbQT1KUsNAlUkES6n4WbUseaOFg7--
