At 08:40 PM 3/31/96 -0500, Rabid Wombat wrote:
>Much snipped ....
>
>You should have something
>outside your domain registered, or you'll be very hard to find if
>anything tips over :)
I thought the point was to have dual paths to the same domain name.
>The DNS domain registration costs $100 for two years, last I heard. This
>includes entries for the DNS servers considered authoritative for your
>domain, but not the IP addresses of the systems within the domain - these
I'm an RFC 1597 fan.... only show your firewall and external DNS server
address. (I will NOT show you mine if you show me yours :)
>are handled by whatever DNS server is the authoritative (yours and/or
>your ISP's)
How is the authoritative server IP address defined at the Internic? I
thought (mistake #1) that it would still use the standard DNS A labels and
could therefore have two IP addresses associated with a single name entry.
The Internic must have addressed this... they provide a whole bunch of
alternate sites in the .cache. What if there were two entries with the same
name and different IP addresses in their cache file? Would it still work in
a sequential manner? (I don't have access to a UNIX playground this
month...;(
>> Question - Why not use a single ISP? i.e. they (MCI, ATT, etc) should
>> have redundant systems and as long as you get separate physical links to
>This still only protects you against local loops being back-hoed, and
> It is very hard to twist the
>actual circuit routes, down to conduit channel and physical address of
>If you really need to keep your 'net access up, get access in two
>different geographic locations, via two different ISPs, and lease your
I still don't understand why not the same ISP with major hubs in different
locations, say N.Y.C. and Washington DC? Don't ISPs have distributed
computing on their minds? Seems silly to carry traffic across country to
just sign on. I would expect a hierarchical user verification setup on a
national basis.
>own link between the two sites. Get both ISPs to supply both DNS entries,
>and keep the time-to-live down to five minutes or so, to keep other
>systems from caching the entry for extended periods (this will increase
>DNS requests).
Ouch! Five minute DNS updates could be a killer at a popular web site. And
your own leased line is vulnerable to the backhoe/train.
If the local backhoe is a real terror you can hit the microwave, radio
modem, and infrared products. The local phone co. will be happy to tell you
the address of your POP. Put the other end at a different POP. No real
cheap way to do it but "local bypass" used to be a hot phrase. If the
volume/speed requirement is low then VSAT might also be something to
consider though you may need to find a company willing to let you share
their earth hub to make things more affordable.
Jason Ambrose had a good idea to use BGP4 - if your router and local links
support it.
Adam Safier
CSC-SED-Infosec
asafier @ csc . com
Expressed opinions are my own and might not be shared by my employer or
anyone else.