John Young writes: >We had ordered that the two domains be put on two different >boxes, geographically distant, to avoid both sites going >down if one was knocked out. Hey, there's WMD about >called PATRIOT.
The DNS has redundancy designed into it; there is no real advantage to having a disjoint set of servers for the two domains. You may as well have the widest possible set of servers for both. >However, now I learn that Verio uses one DNS server for >the two boxes so an attacker needs only to throw one stone >to kill both our birds. Grrr. That is what we wanted to avoid. That doesn't seem right; traceroutes to both servers indicate that they are likely topologically distant. One appears to be around Washington, DC, and the other somewhere on the west coast. >A smart sales rep assured me that this was the way to >go, after I had placed two orders for two machines to keep >them separate. No need for that he said, let me tell you >a better way. No doubt my simple-minded security method >would have been breached by some Verio setup based on >its own Japanese government spying principles, which is >to say I can't escape being terrorized by Ashcroft. Indeed so.