Re: PAB Re: site security

William Allen Simpson (wsimpson@greendragon.com)
Fri, 20 Feb 98 22:02:16 GMT


> From: Kent Crispin <kent@songbird.com>
> The CORE DNS and whois service are distinct parts of the SRS. The SRS
> processes transactions for registrars, and keeps a database. The
> zone files and whois masters are generated from that database and
> distributed to DNS/whois servers at other sites..
>
Thanks Kent. I had assumed that the databases were located on the same
server with the DNS primary, and the usual DNS and whois distribution
mechanisms were used. Thus, I thought that it was actual root servers
that were stolen.

> Registration database: The system is designed so that delayed requests
> are queued at the registrar (at least it was when I was involved). So
> the bottom line is that if you can rebuild the system in 24 hours at a
> different location you probably have adequate security. To do that
> you need 1) distributed warm backups of the current databases, 2)
> distributed copies of the software and configuration data, and 3)
> machines that can be converted to the purpose in a short time (and for
> a relatively short time, probably, since the primary site would
> certainly be insured and rebuilt).
>
OK. That looks correct. Did it work? Were there _distributed_
backups? The machines seemed to be able to get back up and working in a
relatively short time.

WSimpson@UMich.edu
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32