On 9/26/06, Jens Vagelpohl <[EMAIL PROTECTED]> wrote:

> On 26 Sep 2006, at 17:48, Justizin wrote:
>> Well, since I don't know about the suggested provider, here's my
>> concern - let's say I manage your DNS on my servers, and you want to
>> provide your own local servers.  How do you get a copy of the latest
>> zone?  Your IP must be listed in my server so that it is allowed to
>> perform AXFR queries.
>
> Do you know how DNS works? Slaves don't just ask for a transfer willy-
> nilly. Slaves are known to the primary and they get told when to ask.


I'm not sure this is correct.  We should investigate before insulting
each other's intelligence.

I know a great deal about how DNS works, thank you very much. ;)


>> They will also probably provide us with 3-4 hosts which we can use for
>> DNS.  If you, me, and one other person each contribute two IP
>> addresses on different networks, that puts the zope.org zone in pretty
>> good shape, because various caching nameservers will handle the
>> trouble of determining which authoritative record is best for them to
>> use.
>>
>> DNS may seem like a low-load service, but if you were to run a DNS
>> provider yourself on a single machine, I challenge you to maintain 90%
>> uptime.  The last time I worked on a large DNS implementation we had
>> twelve machines in each of two geographic locations - dual xeon
>> machines with lots of RAM that did nothing but handle round-robin DNS
>> queries.
>
> I have no idea what you are talking about. This is not some huge DNS
> service that we need. We need to serve exactly one zone. This can be
> done from a Palm Pilot, to be honest. I have run DNS services for
> years and years and don't share any of your doubts.


Okay, let's please not make this an argument.

*we* do not have large-scale DNS needs.

However, if we use someone like ZoneEdit.com, their nameservers are
highly loaded.  So, as I said, if someone decides to launch a DNS
attack on ns1.zoneedit.com or whatever, it can affect the availability
of zope.org, unless there are alternates, which is what we all
propose.

It's a sad logical fallacy for you to state that because you have
never seen this problem, it does not exist.  I spent nearly three
years as an engineer at one of the world's largest providers of managed
internet services, and I can tell you that NS.RACKSPACE.COM and
NS2.RACKSPACE.COM are hit multiple times a year by 8MB/s or greater
DDoS attacks.

This was in a datacenter with 9GB/s of bandwidth via multiple OC-48 connections.

It's important.

--
Justizin, Independent Interactivity Architect
ACM SIGGRAPH SysMgr, Reporter
http://www.siggraph.org/
_______________________________________________
Zope-web maillist  -  Zope-web@zope.org
http://mail.zope.org/mailman/listinfo/zope-web