[CLUE-Talk] FW: Microsoft domains unavailable - MS explains

Grant Johnson Grant.Johnson at MetroIS.com
Thu Jan 25 09:05:35 MST 2001


Let us all learn from this.  This may or may not be an OS issue, 
BUT.....  All of their DNS servers are on one subnet!!!!  How dumb is that?

Here is what we can learn:  Don't put all of your eggs in one basket.

Linux lets you do this in amazing ways:

You could run different versions, and even completely different providers 
of DNS mixed across different networks.  So, when a vulnerability comes up 
with named, the BIND servers keep running.  When a bug comes up in the 2.4 
kernel that allows a remote crash, the 2.2 keeps running.

The very fabric of Linux, the fact that it is so customizable, adds 
strength in a failover situation, by distributing the risk.  You could have 
2 DNS servers with almost nothing in common.  Imagine a 2.0.36 Alpha 
running named, and a 2.4.1 IA64 machine running BIND.  How many exploits do 
they have in common?

I know named is unstable and full of holes.  It was just meant to 
demonstrate that we have a choice.
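
The "eggs in one basket" check described in the message above, as an added example that is not part of the original post: it reports every attribute (subnet, DNS software, kernel) that all nameservers in an inventory share. The inventory format, server names, addresses (RFC 5737 documentation ranges) and software labels are constructed assumptions.

```python
import ipaddress

# Constructed inventories; names, addresses and labels are illustrative only.
SINGLE_BASKET = [
    {"name": "ns1", "ip": "192.0.2.10", "dns": "bind", "kernel": "2.4"},
    {"name": "ns2", "ip": "192.0.2.11", "dns": "bind", "kernel": "2.4"},
    {"name": "ns3", "ip": "192.0.2.12", "dns": "bind", "kernel": "2.4"},
]
DIVERSE = [
    {"name": "ns1", "ip": "192.0.2.10", "dns": "bind", "kernel": "2.2"},
    {"name": "ns2", "ip": "198.51.100.20", "dns": "djbdns", "kernel": "2.4"},
]


def subnet_of(ip, v4_prefix=24, v6_prefix=48):
    """Map an address to the network it sits in (prefix lengths are assumptions)."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def attributes(server):
    """The properties a single outage or a single bug could take out at once."""
    return {
        "subnet": subnet_of(server["ip"]),
        "dns": server["dns"].lower(),
        "kernel": server["kernel"],
    }


def shared_fate(servers):
    """Return {attribute: value} for every attribute common to ALL servers."""
    seen = {}
    for server in servers:
        for attr, value in attributes(server).items():
            seen.setdefault(attr, set()).add(value)
    return {a: next(iter(v)) for a, v in seen.items() if len(v) == 1}


def survivors(servers, attr, value):
    """Names of servers still answering if everything with attr == value fails."""
    return [s["name"] for s in servers if attributes(s)[attr] != value]


if __name__ == "__main__":
    for label, inventory in (("single basket", SINGLE_BASKET), ("diverse", DIVERSE)):
        print(label, "shared-fate attributes:", shared_fate(inventory) or "none")
```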



