Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )

Jens Vagelpohl jens at dataflake.org
Tue Sep 26 12:07:48 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 26 Sep 2006, at 18:00, Justizin wrote:
>> Do you know how DNS works? Slaves don't just ask for a transfer  
>> willy-
>> nilly. Slaves are known to the primary and they get told when to ask.
>>
>
> I'm not sure this is correct.  We should investigate before insulting
> each other's intelligence.

This is exactly how it has correctly worked for me for years working  
with bind-based nameservers. You can always set up "rogue"  
secondaries that purport to serve zope.org, which then would have to  
be allowed to manually pull zone data, but what would be the point of  
that..?


> It's a sad logical fallacy for you to state that because you have
> never seen this problem, it does not exist.  I spent nearly three
> years as an engineer at one of the world's largest provider of managed
> internet services, and I can tell you that NS.RACKSPACE.COM and
> NS2.RACKSPACE.COM are hit multiple times a year by 8MB/s or greater
> DDoS attack.
>
> This was in a datacenter with 9GB/s of bandwidth via multiple OC-48  
> connections.

Sorry, I don't buy your argument. First of all, big companies like  
Rackspace will always be an attractive target. We're talking about  
one piddling open source project here. Secondly, you're omitting the  
need for economy/sanity. Rackspace has a strong economical need to be  
up 24/7. Yes, you could put 20 secondaries into the zope.org DNS  
structure, but what is the point? You will never need that capacity  
in your life. 3 total is plenty. With 20 secondaries you also have 20  
cats to herd, meaning 20 people who own and manage those secondaries.

jens

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFFGVBVRAx5nvEhZLIRAgIgAKCBWRVa9MUwVxi+sweMumRR7Cz/uACfWPzI
ZtTvQXT+wsDwsKPODXmMXbk=
=rK4u
-----END PGP SIGNATURE-----


More information about the Zope-web mailing list