Hi. After the latest DoS attack on Dyn that took several famous
domains offline, it became fashionable to have "redundant DNS
providers". In other words, it no longer matters how good any single
provider is; it can always be knocked offline by a giant DoS. So the
solution is to have at least two.
The problem then is that each one has its own technology
or API, so the complication is automating both. This
is a very good article by the developers at The Guardian about
their experience with Dyn and Route 53:
<https://www.theguardian.com/info/developer-blog/2016/dec/23/multiple-dns-sy…>
Of course, none of this would be a problem if the way of feeding
the secondaries were standardized, which... surprise! It has existed
for 20 years (AXFR/IXFR) ;)
Regards,
Hugo
FYI
-------- Forwarded message --------
Subject: FW: Root Zone Trust Anchors updated
Date: Fri, 3 Feb 2017 18:30:23 +0000
From: James Gannon <james(a)CYBERINVASION.NET>
Reply-To: James Gannon <james(a)CYBERINVASION.NET>
To: NCSG-DISCUSS(a)LISTSERV.SYR.EDU
Important announcement from Kim Davies.
On 03/02/2017, 19:29, "root-dnssec-announce-bounces(a)icann.org on behalf of Kim Davies" <root-dnssec-announce-bounces(a)icann.org on behalf of kim.davies(a)iana.org> wrote:
>Yesterday, we successfully completed Root Zone KSK Ceremony 28. Part of this ceremony was to replicate a newly generated KSK in our key management facility on the US West Coast following its creation at the prior ceremony on the US East Coast in October 2016.
>
>Now that the KSK is safely instantiated in both locations, we consider this KSK operational, and the Root Zone Trust Anchors file has been updated to reflect this. The KSK generated in 2010 is still being used today but it is planned to transition to the new key later this year. Software implementers should make sure they have up-to-date root zone trust anchors and/or update mechanisms such that either trust anchor can be used to verify the root zone KSK.
>
>Information on the root anchors is at https://www.iana.org/dnssec/files
>
>This work is part of the Root KSK Rollover project, more information is at https://www.icann.org/resources/pages/ksk-rollover
>
>Kim Davies
>Director, Technical Services
>IANA Services