Vulnerability Development mailing list archives

Re: Automatic Retaliation contra DoS


From: spacey () LENIN NU (Peter C. Norton)
Date: Mon, 29 May 2000 11:53:25 -0700


On Mon, May 29, 2000 at 06:02:07PM +0200, Daniel Roesen wrote:
On Mon, May 29, 2000 at 04:28:32PM +0200, Felix von Leitner wrote:
Install a proper DNS software and this won't touch you.
I recommend http://cr.yp.to/dnscache.html.

Proper as in:

yp.to.                  1D IN NS        a.ns.yp.to.
yp.to.                  1D IN NS        b.ns.yp.to.

a.ns.yp.to.             1D IN A         131.193.178.181
b.ns.yp.to.             1D IN A         131.193.178.181

Seems perfectly valid to me.

You're probably remarking on the perceived lack of reliability of using a
single system, and the need for a backup name server. You should know that
the only pages that this system serves live on it.  If its network is out
then there's no reason to presume that any of its other services are up,
that they should be reachable, or that anything can be done about it.

In the case of larger services: don't presume that just because you see
one IP address that you're seeing one system, or one point of failure.

???

Take a look at the software, then see what you think of it.  It's far more
solid and far safer in design and implementation than any version of BIND.

--
The 5 year plan:
In five years we'll make up another plan.
Or just re-use this one.


