Thanks, Duc, for such a lucid and enlightening response on the topic of
"distributed architecture". Amplifying your response by illustrating the
consequences of "non" distributed architecture with respect to Microsoft
before they were hit with Denial of Service attacks, clarified the
explanation admirably.
It is surprising that the Holmes boys at Crosswinds got at least one part
of the equation right.
Thanks again, Duc (who obviously wears a "white hat" :>)
A - wrapping up Crosswinds in Canada
On 3/31/01 at 8:54 PM mailman wrote:
>That's pretty standard procedure, A.M. What one wants is a
>distributed architecture, especially in the locating of the
>nameservers, so that if one part of the network is knocked out for
>some reason (fibers got cut, network outage, etc.) the other
>server(s) can take up the slack and ensure that service is
>uninterrupted.
>
>(This is what the Microsofties got dinged on when hackers ran a DOS
>attack and took out all three of their nameservers, which turned out
>to be located in the same segment of their network. They were putting
>all of their nameserver eggs in one basket, so to speak. Makes you
>shake your head and wonder how Microsoft can get to where they are
>and still make that dilbertesque network architecture mistake. But I
>digress....)
>
>In the case of crosswinds, I surmise that GLOBIX.NET in New York is
>their upstream provider, hence the nameserver located in New York.
>It's not that GLOBIX.NET provides crosswinds with a dedicated box to
>be named ns2.crosswinds.net, rather it's just a case of aliasing
>their main nameserver to all of their client domains.
>
>And they apparently run their own nameserver on their local box in
>Toronto.
>
>Strictly on the network architecture front, I'd give crosswinds a
>passing grade for distributing their nameservers. Which is better
>than the Microsofties would get before getting a hard-knock lesson
>from the blackhats.
>
>Duc
