On Thu, 25 Jan 2001, Rusty H. Hodge wrote:
Which would not have suffered such an impact had it been designed correctly, with geographical and topological disparity.
You sure it isn't designed that way? Just because the IPs are on the same /24 doesn't mean anything these days.
Other people share your thoughts, Rusty. I just ran across the following on securitygeeks.shmoo.com:

Authored by: gdead on January 25 2001 @ 10:53AM

Just a quick comment on everyone saying that the MS nameservers are on the same subnet. We have no proof of that, and I would hope to god it's not true. They ARE from the same netblock from their AS (8070). That is an unforgivable sin. You should always have at least one nameserver outside your own AS Just In Case (tm).

However, just because the IPs of the nameservers are adjacent doesn't mean the machines are. They could be in 2 or 4 different locations around the net (2 of the IPs are adjacent, and so are the second 2, indicating maybe two sets of two).

However, due to the nature of DNS, you can have multiple nameservers scattered around your enterprise answer for a single IP. I've deployed this, and I know others have as well. Basically, your ingress router has a route to a local nameserver that responds to that IP. If that host dies, then the network routes take over and push the query to the next closest nameserver, which gets it and responds with an answer. So using 4 IPs MS may have 20 nameservers scattered all over the planet answering for those 4. Doubtful, but maybe.

Ergo, we can't assume these boxes are anywhere near each other. If someone KNOWS how they're set up, please tell us.

-Ian

Ian Finlay
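An added example, not part of the original thread: a small Python audit of the two properties the quoted post separates, whether a zone's nameserver addresses sit in one /24 and whether they all originate from a single AS. The route table, host names and addresses are constructed (documentation prefixes and a documentation ASN); only AS 8070 is taken from the post, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed prefix -> origin-AS table. Prefixes are documentation ranges;
# AS 8070 is the AS named in the post, 64500 is a documentation ASN.
ROUTES = {"192.0.2.0/24": 8070, "203.0.113.0/24": 8070, "198.51.100.0/24": 64500}

# Constructed NS sets: two adjacent pairs in one AS, and the same set with
# one server moved outside that AS.
SAMPLE_SAME_AS = {"ns1": "192.0.2.10", "ns2": "192.0.2.11",
                  "ns3": "203.0.113.20", "ns4": "203.0.113.21"}
SAMPLE_MIXED = dict(SAMPLE_SAME_AS, ns4="198.51.100.53")

def origin_as(ip, routes=ROUTES):
    """Longest-prefix match of ip against the table; None if no route covers it."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, asn in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn)
    return best[1] if best else None

def audit(nameservers, routes=ROUTES):
    """Group IPv4 nameserver addresses by /24 and by origin AS, and flag
    sets that have no diversity at either level."""
    by_24, by_as = defaultdict(list), defaultdict(list)
    for name, ip in sorted(nameservers.items()):
        by_24[str(ipaddress.ip_network(f"{ip}/24", strict=False))].append(name)
        by_as[origin_as(ip, routes)].append(name)
    findings = []
    # Addresses with no known origin (None) do not count as AS diversity.
    if len(set(by_as) - {None}) <= 1:
        findings.append("single-origin-as")
    if len(by_24) == 1:
        findings.append("single-slash-24")
    # Neither check says where the machines are: one address can be answered
    # by many servers in different places, as the post describes.
    return {"by_24": dict(by_24), "by_as": dict(by_as), "findings": findings}

if __name__ == "__main__":
    for label, ns_set in (("same AS", SAMPLE_SAME_AS), ("mixed", SAMPLE_MIXED)):
        print(label, audit(ns_set))
```
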