secure DNS hosting?
Ori Berger
linux-il at orib.net
Wed Jan 27 19:35:22 IST 2010
shimi wrote:
> Are there such things as "specialized secure DNS host" or just about
> any host is good enough (e.g. we registered most of our domains at
> godaddy).
>
>
> You could use the UltraDNS from Neustar services [1]. It WILL cost you
> :-) But I guess those guys know what they're doing: They run one of
> the root DNS servers of the Internet... they provide DNS service to
> some major companies out there, including Amazon.com. They use Anycast
> to take the queries to network-wise close locations, so they'll be
> answered fast and also limit the effect of DoS attacks to only the
> part of the world where the attack came from.

I have no specific knowledge of UltraDNS, and if Amazon uses them, I'm
sure they're very good at what they are doing.

However, please be aware that DNS-based attacks are often not directed
at infrastructure under the attacked entity's control (e.g. poisoning
resolvers, netbios replies, initiating domain transfers through a
less-than-competent registrar, etc). And while you should do what you
can to secure your DNS infrastructure, you should be using other means
as well - e.g. server certificates; client certificates; RSA tokens, etc.