Firewalls: RE: Two ISP's to one DMZ

Firewalls
(July 1997)

Indexed By Thread: [Previous] [Next]

Subject:	RE: Two ISP's to one DMZ
From:	"Aaron J. Peterson" <aajpeter @ best . com>
Date:	Tue, 8 Jul 1997 00:53:17 -0700 (PDT)
To:	Firewalls @ GreatCircle . COM
Reply-to:	"Aaron J. Peterson" <aajpeter @ best . com>

All this talk about dynamic DNS as a solution to _anything_ suprizes me. 
This is an application where a key goal is to optimize recovery or
failover response time.  

You'd think that people actually believed that "dynamic DNS" is scalable. 
Keeping track of who to push deltas to aside, it seems to mee that one of
the key aspects of DNS, the distributed database that it is, was caching
for a significant period of time.

So, dynamic NAT + dynamic DNS, IMNSHO, is a poor solution due to the
connectivity loss during the time required to allow all the caches of all
the not-quite-bleeding-edge DNS servers to expire. 

I really must be missing a key point, please tell me what it is.

That leaves BGP as the only feasible, universal solution.

Sorry, this has little to do with firewalls proper, I'll shut up.

-Aaron J. Peterson
Opinionated Network Dabbler
aajpeter @
 best .
 com

Follow-Ups:

RE: Two ISP's to one DMZ
From: mikech @ avana . net

Indexed By Date	Previous:	FW-1 Performance From: Frank Post <fpost @ metronet . de>
Indexed By Date	Next:	Re: Routing with 2 checkpoint Firewalls From: "Jian Azari" <azari @ jazari . hpl . hp . com>
Indexed By Thread	Previous:	Re: Two ISP's to one DMZ From: mikech @ avana . net
Indexed By Thread	Next:	RE: Two ISP's to one DMZ From: mikech @ avana . net