DNS for debmal.my

11 views
Skip to first unread message

Garfield WTF

unread,
Jan 13, 2011, 11:48:11 AM1/13/11
to Komuniti Pengguna Debian
In earlier of the month, our portal was suffering down time due to the
DNS host of debmal.my was down because of all 4 of their DNS servers
across 2 continents was mitigated a large scale of DDoS attack.

Yeah, NS1 at London, NS2 at Dallas, NS3 & NS4 at Sofia(Bulgaria) was
attacked.

Although this incident was causing a lot of websites down due to
unable to reach the DNS server, but I think it is still ok to use the
ClouDNS DNS service.

But still, it is best to do some precausions.

Here I would like to suggest my plan on having a backup DNS for our
domain debmal.my.

So, the Primary DNS host, we will still use ClouDNS.
So, NS1 will be on ClouDNS ns1.cloudns.net.
And since ClouDNS also have their own secondary DNS, so we just use
it.
then NS2 will be ns2.cloudns.net, NS3 will be ns3.cloudns.net, NS4
will be ns4.cloudns.net.

Although ClouDNS also have another 2 emergency DNS as backup, which is
premiumns1.cloudns.net and premiumns1.cloudns.org. But it doesn't mean
we able to use it all the time, as it is for premium users of theirs.
Although they used to open for free users(we are also using the free
plan) during the DDoS incident, but we do not know if they will still
open it for free users to use in the future or not.

So, we will point our NS5,NS6,NS7 and NS8 to afraid.org.
We will setup our domain at afraid.org as a slave zone for backup DNS
purpose, in case of all 4 ClouDNS DNS servers get attack all at once
again.
About the DNS records, we will not need to worry, as slave DNS server
will fetch all the records from the primary server.

If wanted to be more safe, we can setup a tertiary DNS host as a slave
zone as backup.
We can setup the tertiary DNS at xname.org or we can host it locally
at the debmal.my hosting server.
If thats the case, we will going to have NS9 and NS10.

Anyway, before this I used to suggested CloudFlare.
But with this type of configuration, we will not able to use
CloudFlare anymore as CloudFlare require us to point only to 2 of
their nameserver and do not allow other NS as well as unable to allow
us to create slave zones to fetch the records from them.
So this means we will need to drop the plan for using CloudFlare.

By the way, this is only my suggestion. It will not be implement until
I get approval from you all yet.
So please respond to this proposal so that we can discuss further
improving the DNS of our portal and other websites.

--
GarfieldWTF
Debian User Community (Malaysia)
http://debmal.my

Umarzuki Bin Mochlis Moktar

unread,
Jan 13, 2011, 9:05:25 PM1/13/11
to deb...@googlegroups.com
I agree

Any more idea? Anyone?

Reply all
Reply to author
Forward
0 new messages