[71503] in North American Network Operators' Group
Re: Akamai DNS Issue?
daemon@ATHENA.MIT.EDU (Mark Radabaugh)
Wed Jun 16 10:14:41 2004
From: "Mark Radabaugh" <mark@amplex.net>
To: <nanog@merit.edu>
Date: Wed, 16 Jun 2004 10:13:47 -0400
Errors-To: owner-nanog-outgoing@merit.edu
> Workarounds and defences already exist, and have been in use for a long
> time.
<long list removed>
> Failures in master servers can be mitigated by having several of them;
> simultaneous failure of all master servers can be managed to some
> degree using appropriate SOA timers, so that slave servers provide
> coverage while master servers are brought back into service.
>
> Different styles of attack can be mitigated by different DNS hosting
> strategies. A robustly-hosted zone will have an NS set that exhibits
> several or all of these approaches (and others too).
>
> The hosting of the root zone provides guidance, here.
>
>
> Joe
>
But you don't say how to avoid failures caused by massive confusion when
maintaining a excessively complicated system....
Mark
