Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

Joe Abley jabley at hopcount.ca
Tue Aug 4 17:48:56 UTC 2015


Hi Jared,

On 4 Aug 2015, at 12:00, Jared Mauch wrote:

> I recommend using DNSDIST to balance traffic at a protocol level as 
> you can have implementation diversity on the backside.
>
> I can send an example config out later for people. You can balance to 
> BIND, NSD and others all at the same time :-) just move your SPoF

As someone who once hosted TLD zones in a way that a query to a 
particular nameserver could be answered by either NSD or BIND9, my 
advice would be "don't do that". You're setting yourself up for 
troubleshooting hell.

You can include different nameservers in the set for a single zone. 
Using different software for different nameservers can be sensible. 
Using different software for the same nameserver can be a nightmare.


Joe



More information about the NANOG mailing list