[dns-operations] How Stack Overflow plans to survive the next DNS attack

Ray Van Dolson rvandolson at esri.com
Wed Jan 11 20:36:16 UTC 2017


On Wed, Jan 11, 2017 at 12:27:07PM -0800, Paul Vixie wrote:
> On Wednesday, January 11, 2017 12:20:37 PM PST Stephane Bortzmeyer wrote:
> > I also note that it is is difficult (too difficult) to have several
> > DNS providers. They don't accept AXFR/IXFR so the customer is
> > locked. Or has to do synchronisation by himself, with custom software
> > driving the various APIs.
> 
> i hope you write a blog on this topic; i would circulate that URL far and wide.
> there's a reason why the economy benefits from standardization, and any
> authority dns provider who won't speak IXFR/NOTIFY/AXFR ought to be named and
> shamed.

This has made some services a non-starter for us (e.g. Route53).  Our
IPAM tools interface w/ BIND servers in a hidden master role well, and
relying on AXFR to push out to Dyn/Akamai FastDNS, etc. makes it all
very simple.

Ray



More information about the dns-operations mailing list