No, I meant two totally separate chains. Yes, you can screw things up by not keeping them in sync, but too many extended outages have happened because you screw up the one true hidden master, and then it breaks and you can't clean up the public facing slaves fast enough (TTL, timeouts, etc). Defense in depth starts with "assume the worst single thing just happened for system X; now what?". Having two separate independent X is a good start. Certs are similar. The truly paranoid should have 2-3 separate CA's certs available for the service. The CA going south, insane, or having to revoke are all real risks. George William Herbert Sent from my iPhone On Dec 29, 2012, at 8:35 AM, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: "George Herbert" <george.herbert@gmail.com>
Maintaining zones separately is a reliability defense-in-depth technique anyways.
Well sure, but even if you had two separate sets of DNS zone resolver servers, which is what I think you actually mean, you would still *push them* from zones with the same SN, no?
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274 _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages