I know the basic DNS stuff, but the advanced stuff leaves gray matter trickling down my ears. I am developing a DNS strategy that provides some fail-over to an alternate site (I don't want everything on one server), and I need your incredible help.
BlueWho.com advertises this service: Run your domains off your own IP rather than the server IP. On most shared servers all domains run off the main server IP address. This can cause problems with security and DOS attacks, for that reason we do things a bit different. Domains under your account will be run off your second IP, thus shielding you from such attacks.
Since I don't know of anyone else doing this, I am wondering if this is effective? And if it is, how do I set it up?
The other question I have is setting up some kind of account fail-over using DNS, such as zoneedit.com and easydns.com provide. How do I plan for this, assuming I get 2 IPs for primary name servers, and could possibly squeeze another out of ARIN for an SSL. Is my attempt to increase security, reduce DoS attacks, and gain some failover using DNS as useless and pathetic as I am?
I am a noobie to advanced DNS stuff, so a detailed response is appreciated.
PS Mods, if you feel this should be in the security forum, pls move.
"Beer is proof that God loves us and wants us to be happy" -- Ben Franklin Twice Tied Laces
That's basically corporate babble. There's absolutely nothing wrong with shared hosting (shared, meaning virtualhosting many sites off of a single IP). DoS attacks can occur, but shared hosting is a whole lot cheaper than dedicated, so this is a risk you take. If the company's up/downstream cannot cope with the bandwidth sustained in a DoS attack, perhaps they're not even worthy of hosting your site.
Further, a DoS attack will affect the entire internet connection, not just a single IP, in most every case that I can think of. This company is wasting resources by allocating an unnecessary number of IPs, and misleading the customer to an extent. Hope that helps.
I don't really know a whole lot about failover DNS. I would like to investigate it, because it looks like something that many people would like to take advantage of.