North American Network Operators Group


Domain Name System protection

  • From: Joe Shen
  • Date: Mon Aug 16 00:59:56 2004

Hi,

We are trying to extend our DNS service system in the near
future. At the current stage, it consists of 2 SUN FIRE
servers with Solaris8 and BIND9 installed. Each server
is configured with an IP address which is known to our
customers. The DNS server is set up as a cache server
because it only serves our customers to look up domain
names.

We noticed there are continuous name resolution requests
from IP addresses outside of our address pool and also
there are requests not conforming to DNS documents
(like those from 10/8, 192.168/16 or something for
microsoft proxy server name). We think these requests
waste our resources and we don't want these system
stable, secure and high performance.

The number of DNS requests processed in the past week is
about 0.8 billion.

What I'm not sure about in designing the new cache server farm
is:

1. Is it really required to protect a DNS server by
firewall? How do those ISPs, e.g. AT&T, Sprint, make
their DNS system highly available? Could we do that
by filtering traffic besides port destined to port
53?

2. How could we extend our server farm by adding new
servers while announcing the same IP addresses to our
customers? 

3. Is there any evaluation result of DNS server
software? e.g. performance, resource required,
stability, security etc.?

4. Which hardware/OS platform is better for DNS
service? 

5. Is it possible to filter those requests not
conforming to DNS documents?

Each word will be highly appreciated!

Joe
