On 19.12.11 11:40, sasa sasa wrote:
I'm trying to set up a DNS for an ISP, this ISP's DNS is in delegation tree (answering world), and I know about cache vulnerabilities so I was wondering what is the best solution for ISPs? By separating cache from authorities, you mean implementing 2 DNSs (2 different IPs)? This doesn't sound practical.

Wait, it's not "practical" for an ISP to serve different logical functions on different IP addresses?
What kind of ISP is this?

My fault, apparently I was not thinking straight, I was thinking that we should give customers 2 DNS IPs for 2 separate functions!! Now I feel totally stupid, thanks Kevin.

Well, you _should_ give customers 2 IPs for recursive DNS service, and 2 hostnames (with different IPs) for DNS zones' NS records.
They _should_ run on different servers, or at least views.

Some customers do reregister their domains to different DNS providers, and later complain that you provide old zones to your other customers (because they did not tell you that you should stop providing them).

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Honk if you love peace and quiet.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

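
Added example, not part of the original thread: a `named.conf` sketch of the "different servers, or at least views" advice, with recursion for customers on one address and authoritative-only answers for the world on another. All addresses, the ACL name, the zone name and the file paths are placeholders chosen for illustration.

```conf
// named.conf sketch: one BIND instance, two roles kept apart by views.
// Every address, name and path below is a placeholder (assumption).

acl customers { 198.51.100.0/24; 203.0.113.0/24; };  // ISP customer ranges

options {
    directory "/var/named";
    // .53 is handed to customers as their resolver,
    // .153 is the address behind the hostnames used in NS records.
    listen-on { 192.0.2.53; 192.0.2.153; };
    recursion no;                      // off by default, enabled per view
};

// Recursive service: customers only, resolver address only.
// No hosted zones are loaded in this view, so customers get answers
// by following the public delegation, including for domains that
// have been moved to another DNS provider.
view "resolver" {
    match-clients      { customers; localhost; };
    match-destinations { 192.0.2.53; };
    recursion yes;
    allow-recursion    { customers; localhost; };
};

// Authoritative service: anyone may ask, but only for hosted zones.
view "authoritative" {
    match-clients      { any; };
    match-destinations { 192.0.2.153; };
    recursion no;
    allow-query-cache  { none; };      // never answer from cache here
    zone "example.com" {
        type master;
        file "zones/example.com.db";
    };
};
```

A query that matches neither view, such as a non-customer sending to the resolver address, is refused. A second resolver address and a second authoritative server would follow the same pattern.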