Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

2015-08-04 Thread Jared Mauch
On Tue, Aug 04, 2015 at 12:00:32PM -0400, Jared Mauch wrote: > I recommend using DNSDIST to balance traffic at a protocol level as you can > have implementation diversity on the backside. > Here's an example dnsdist config you might find helpful: This sends queries to the first two serv

Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

2015-08-04 Thread Randy Bush
> As someone who once hosted TLD zones in a way that a query to a > particular nameserver could be answered by either NSD or BIND9, my > advice would be "don't do that". You're setting yourself up for > troubleshooting hell. for some folk, complexity is a career. i worked for circuitzilla for

Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

2015-08-04 Thread Jared Mauch
On Tue, Aug 04, 2015 at 01:48:56PM -0400, Joe Abley wrote: > Hi Jared, > > On 4 Aug 2015, at 12:00, Jared Mauch wrote: > > >I recommend using DNSDIST to balance traffic at a protocol level as you > >can have implementation diversity on the backside. > > > >I can send an example config out later f

Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

2015-08-04 Thread Jared Mauch
On Wed, Aug 05, 2015 at 02:39:18AM +1000, Mark Andrews wrote: > > In message <9c2aca5a-755d-4fcf-8491-745a1f911...@puck.nether.net>, Jared > Mauch writes: > > I recommend using DNSDIST to balance traffic at a protocol level as you can > > have implementation diversity on the backside. >

Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

2015-08-04 Thread Joe Abley
Hi Jared, On 4 Aug 2015, at 12:00, Jared Mauch wrote: I recommend using DNSDIST to balance traffic at a protocol level as you can have implementation diversity on the backside. I can send an example config out later for people. You can balance to bind NSD and others all at the same time :-)

Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

2015-08-04 Thread Damian Menscher via NANOG
On Tue, Aug 4, 2015 at 9:39 AM, Mark Andrews wrote: > In message <9c2aca5a-755d-4fcf-8491-745a1f911...@puck.nether.net>, Jared > Mauch writes: > > I recommend using DNSDIST to balance traffic at a protocol level as you > can have implementation diversity on the backside. > > > > I can se

Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

2015-08-04 Thread Mark Andrews
In message <9c2aca5a-755d-4fcf-8491-745a1f911...@puck.nether.net>, Jared Mauch writes: > I recommend using DNSDIST to balance traffic at a protocol level as you can have implementation diversity on the backside. > > I can send an example config out later for people. You can balance to bin

Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

2015-08-04 Thread Jared Mauch
I recommend using DNSDIST to balance traffic at a protocol level as you can have implementation diversity on the backside. I can send an example config out later for people. You can balance to bind NSD and others all at the same time :-) just move your SPoF Jared Mauch > On Aug 4, 2015, at 10

Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

2015-08-04 Thread Christopher Morrow
On Tue, Aug 4, 2015 at 10:17 AM, Stephane Bortzmeyer wrote: > On Tue, Aug 04, 2015 at 10:03:33AM -0400, > Jay Ashworth wrote > a message of 6 lines which said: > >> Everyone got BIND updated? > > For instance by replacing it with NSD or Unbound? always great to jump ship from one platform to a

Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

2015-08-04 Thread Stephane Bortzmeyer
On Tue, Aug 04, 2015 at 10:03:33AM -0400, Jay Ashworth wrote a message of 6 lines which said: > Everyone got BIND updated? For instance by replacing it with NSD or Unbound?

Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

2015-08-04 Thread Jay Ashworth
Everyone got BIND updated? http://arstechnica.com/security/2015/08/exploits-start-against-flaw-that-could-hamstring-huge-swaths-of-internet/ -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.