On 9/26/06, Jens Vagelpohl <[EMAIL PROTECTED]> wrote:
Hash: SHA1

On 26 Sep 2006, at 17:48, Justizin wrote:
> Well, since I don't know about the suggested provider, here's my
> concern - let's say I manage your DNS on my servers, and you want to
> provide your own local servers.  How do you get a copy of the latest
> zone?  Your IP must be listed in my server so that it is allowd to
> perform AXFR queries.

Do you know how DNS works? Slaves don't just ask for a transfer willy-
nilly. Slaves are known to the primary and they get told when to ask.

I'm not sure this is correct.  We should investigate before insulting
each other's intelligence.

I know a great deal about how DNS works, thank you very much. ;)

> They will also probably provide us with 3-4 hosts which we can use for
> DNS.  If You, me, and one other person each contribute two IP
> addresses on different network, that puts the zope.org zone in pretty
> good shape, because various caching nameservers will handle the
> trouble of determining which authoritative record is best for them to
> use.
> DNS may seem like a low-load service, but if you were to run a DNS
> provider yourself on a single machine, I challenge you to maintain 90%
> uptime.  The last time I worked on a large DNS implementation we had
> twelve machines in each of two geographic locations - dual xeon
> machines with lots of RAM that did nothing but handle round-robin DNS
> queries.

I have no idea what you are talking about. This is not some huge DNS
service that we need. We need to serve exactly one zone. This can be
done from a Palm Pilot, to be honest. I have run DNS services for
years and years and don't share any of your doubts.

Okay, let's please not make this an argument.

*we* do not have large-scale DNS needs.

However, if we use someone like ZoneEdit.com, their nameservers are
highly loaded.  So, as I said, if someone decides to launch a DNS
attack on ns1.zoneedit.com or whatever, it can affect the availability
of zope.org, unless there are alternates, which is what we all

It's a sad logical fallacy for you to state that because you have
never seen this problem, it does not exist.  I spent nearly three
years as an engineer at one of the world's largest provider of managed
internet services, and I can tell you that NS.RACKSPACE.COM and
NS2.RACKSPACE.COM are hit multiple times a year by 8MB/s or greater
DDoS attack.

This was in a datacenter with 9GB/s of bandwidth via multiple OC-48 connections.

It's important.

Justizin, Independent Interactivity Architect
ACM SIGGRAPH SysMgr, Reporter
Zope-web maillist  -  Zope-web@zope.org

Reply via email to