Add backup DNS server (outside your ISP's network)

To Do list of all new features which will be soon coded are posted in this forum.

Post Reply
Z
Posts: 189
Joined: 16 Jun 2006, 10:28
Contact:

Add backup DNS server (outside your ISP's network)

Post by Z » 13 Jun 2007, 04:39

Weaker link than you MX is your DNS....

Mail servers:

Code: Select all

Non-authoritative answer:
trashmail.net   MX preference = 10, mail exchanger = mx2.nerim.net
trashmail.net   MX preference = 0, mail exchanger = smtp.trashmail.net
trashmail.net   MX preference = 20, mail exchanger = trashmail.dedwen.info
DNS servers:

Code: Select all

Non-authoritative answer:
trashmail.net   name server = ns7.gandi.net
trashmail.net   name server = custom2.gandi.net
And those resolve to IPs:

Code: Select all

[217.70.177.44]
[217.70.179.35]
And routing to servers go trough hops:

Code: Select all

 13   222 ms    63 ms    63 ms  gandi.panap.fr [62.35.254.6]
 14    54 ms    63 ms    54 ms  vl7.c35th2.gandi.net [217.70.176.2]
 15    63 ms    63 ms    63 ms  ns7.gandi.net [217.70.177.44]

and

 13    62 ms    62 ms    63 ms  gandi.panap.fr [62.35.254.6]
 14    54 ms    63 ms    54 ms  vl7.c35th1.gandi.net [217.70.176.3]
 15    54 ms    54 ms    53 ms  custom2.gandi.net [217.70.179.35]
Meaning that they're in same "network location" and most probably also in same physical location.

So there isn't enough separation.

Because ...

If DNS is down, email is immediately LOST. If MX (mail) is down email will be QUEUED (for a period), even if you won't have backup email server. Now you have two and another in separate network which is great.

So you should have backup DNS service in some other network location too.

Don't worry. This is so common mistake that I laugh. Even Microsoft(tm) went down for it. They had backup servers all over the world, but all DNS servers were in one central location... Phew... People get backup servers, backup network connections but they wont ever think about DNS service before something bad happens.

Admin
Site Admin
Posts: 1245
Joined: 16 Jun 2006, 08:55
Location: Germany
Contact:

Re: Add backup DNS server (outside your ISP's network)

Post by Admin » 13 Jun 2007, 07:33

Z wrote:Weaker link than you MX is your DNS....

Mail servers:

Code: Select all

Non-authoritative answer:
trashmail.net   MX preference = 10, mail exchanger = mx2.nerim.net
trashmail.net   MX preference = 0, mail exchanger = smtp.trashmail.net
trashmail.net   MX preference = 20, mail exchanger = trashmail.dedwen.info
DNS servers:

Code: Select all

Non-authoritative answer:
trashmail.net   name server = ns7.gandi.net
trashmail.net   name server = custom2.gandi.net
And those resolve to IPs:

Code: Select all

[217.70.177.44]
[217.70.179.35]
And routing to servers go trough hops:

Code: Select all

 13   222 ms    63 ms    63 ms  gandi.panap.fr [62.35.254.6]
 14    54 ms    63 ms    54 ms  vl7.c35th2.gandi.net [217.70.176.2]
 15    63 ms    63 ms    63 ms  ns7.gandi.net [217.70.177.44]

and

 13    62 ms    62 ms    63 ms  gandi.panap.fr [62.35.254.6]
 14    54 ms    63 ms    54 ms  vl7.c35th1.gandi.net [217.70.176.3]
 15    54 ms    54 ms    53 ms  custom2.gandi.net [217.70.179.35]
Meaning that they're in same "network location" and most probably also in same physical location.

So there isn't enough separation.

Because ...

If DNS is down, email is immediately LOST. If MX (mail) is down email will be QUEUED (for a period), even if you won't have backup email server. Now you have two and another in separate network which is great.

So you should have backup DNS service in some other network location too.

Don't worry. This is so common mistake that I laugh. Even Microsoft(tm) went down for it. They had backup servers all over the world, but all DNS servers were in one central location... Phew... People get backup servers, backup network connections but they wont ever think about DNS service before something bad happens.
Yes the DNS is not secure enough. I need a backup DNS. But I don't want to run it directly on the TrashMail.net server because I risk to be hacked. I don't know if you are familar with the bind DNS security problems? :D
Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH

Z
Posts: 189
Joined: 16 Jun 2006, 10:28
Contact:

Re: Add backup DNS server (outside your ISP's network)

Post by Z » 15 Jun 2007, 08:49

There are tons of "backup dns" service providers. Pick any.

Br,
Sami

Admin
Site Admin
Posts: 1245
Joined: 16 Jun 2006, 08:55
Location: Germany
Contact:

Re: Add backup DNS server (outside your ISP's network)

Post by Admin » 18 Jun 2007, 17:36

Z wrote:There are tons of "backup dns" service providers. Pick any.

Br,
Sami
Yep, but I suppose they costs money.
Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH

Post Reply