[AusNOG] Optus outage last night?
Chris Hurley
chris at minopher.net.au
Thu Jul 6 00:31:28 EST 2017
Sharing insights from those that know far me than me.
<https://www.menandmice.com/resources/webinar-dns-high-availability-tools/>
In short, the solution is that the 1st IP address should never go down.
This can be achieved by an DNS aware load-balancer, such as "dnsdist" or
"relayd" mentionied in the webinar. I've also have good experience with
the commercial A10 load-balancer.
>From the view of a DNS user, the solution is:
Don't use the providers DNS resolvers, run your own
It's usually faster to have own DNS resolver, and it's more secure
(DNSSEC validation).
For single machines, "dnssec-trigger"
(https://nlnetlabs.nl/projects/dnssec-trigger/) is a great solution for
Windows, MacOS X or Linux (should be in the package managers repository).
For larger networks (5-5000 Client machines), install one or more
dedicated DNS resolver (for small deployments, a Raspberry Pi 3 is
powerful enough) using Unbound, Knot-Resolver or BIND 9. For larger
deployments, use real server machines for the local resolver and deploy
dnsdist or relayd in an High-Availability setup in front of the resolvers.
So short version is Optus had an Œissue¹ and for home users the above
gives some options. And yes we are a local agent for Men and Mice, but
they only provide one of a couple of first class options.
If anyone would like to discuss off list please email me.
Regards,
Chris Hurley BE (Elec)
Signal Manager
******************************************************
Dragon Rail Pty Ltd Phone: 1300 730 531
74 Allanfield Crescent
Boronia, 3155 Victoria
Australia
******************************************************
>
More information about the AusNOG
mailing list