Network diversity Software diversity

Although several people have leaped on the apparent lack of network
diversity in Microsoft name servers, there is a more general problem
which also affects networks using BIND.

Using FreeBSD and BIND on *ALL* your name servers may be just as
bad a practice as using Windows 2000 and Microsoft DNS on *ALL*
your name servers. I still think NSI is taking a tremendous risk
using identical servers for all their GTLD-servers, even though
they are geographically distributed.

You might try using UltraDNS on half your critical nameservers and
BIND on the other half. And even using Solaris on some of the
boxes and AIX or Linux, or NetBSD on the others. This is not because
I think one or the other has a fatal flaw, but because software is
a hard beast to manage. The idea behind diversity isn't you will
never have an error. But the errors are unlikely to strike both
servers at the same time.

If you use identical servers and identical software, no matter
how geographically dispersed, a software flaw will affect all
your servers at the same time.

Software is what crashed the ATT long distance network, the
Worldcom frame-relay network, and even the one incident which
took out the entire ARPANET.
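The common-mode failure argument above can be turned into a mechanical check: list each name server with the attributes a single flaw could strike (DNS implementation, operating system, site) and see whether any one value covers the whole set. The script below is an added example written for this thread, not code from any of the posters; the two inventories in it are constructed and are not real NSI, Nominum or other operator data.

```python
"""Common-mode failure check for a set of authoritative name servers.

Added example, not from the mailing-list thread.  The inventories below are
constructed.  Each server carries the attributes along which one flaw could
hit it: DNS implementation, operating system, physical site.  A dimension is
a single point of failure when one value of it covers every server, because
a flaw in that value takes all servers down together regardless of how far
apart they are.
"""
from collections import Counter

DIMENSIONS = ("software", "os", "site")

# Constructed inventory 1: identical software and OS, geographically spread.
MONOCULTURE = [
    {"name": "ns1", "software": "BIND", "os": "FreeBSD", "site": "east"},
    {"name": "ns2", "software": "BIND", "os": "FreeBSD", "site": "west"},
    {"name": "ns3", "software": "BIND", "os": "FreeBSD", "site": "europe"},
]

# Constructed inventory 2: split implementations and operating systems.
MIXED = [
    {"name": "ns1", "software": "BIND", "os": "Solaris", "site": "east"},
    {"name": "ns2", "software": "UltraDNS", "os": "Linux", "site": "east"},
    {"name": "ns3", "software": "BIND", "os": "NetBSD", "site": "west"},
    {"name": "ns4", "software": "UltraDNS", "os": "AIX", "site": "west"},
]


def single_points_of_failure(servers):
    """Return {dimension: value} for every attribute shared by ALL servers."""
    spof = {}
    for dim in DIMENSIONS:
        values = {s[dim] for s in servers}
        if len(values) == 1:
            spof[dim] = next(iter(values))
    return spof


def worst_case_outage(servers):
    """Per dimension: (value, fraction) of servers one flaw in that value removes."""
    total = len(servers)
    result = {}
    for dim in DIMENSIONS:
        value, count = Counter(s[dim] for s in servers).most_common(1)[0]
        result[dim] = (value, count / total)
    return result


def survivors(servers, dim, value):
    """Names of servers still answering if every server with dim==value fails."""
    return [s["name"] for s in servers if s[dim] != value]


def diversity_report(label, servers):
    """Human-readable summary of the checks above."""
    lines = [f"== {label} ({len(servers)} servers) =="]
    spof = single_points_of_failure(servers)
    if spof:
        for dim, value in spof.items():
            lines.append(f"  single point of failure: {dim}={value} on all servers")
    else:
        lines.append("  no attribute is shared by every server")
    for dim, (value, frac) in worst_case_outage(servers).items():
        lines.append(f"  worst case {dim}={value}: {frac:.0%} of servers lost, "
                     f"survivors={survivors(servers, dim, value)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(diversity_report("monoculture", MONOCULTURE))
    print(diversity_report("mixed", MIXED))
```

Run on the monoculture inventory the report flags both software and OS as shared by every server, so a flaw in either leaves no survivors even though three sites are involved; on the mixed inventory no attribute covers the whole set and the worst single flaw removes half the servers. The same checks apply to any inventory you build from your own NS records.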

Agreed. The Nominum GNS service is still using BIND code everywhere for
the moment, but it's on heterogenous platforms, anyway... Every location
has both Solaris-on-Sparc and NetBSD-on-Intel. I think they have a free
or cheap way of using their network as secondaries, to try it out. That
might be a good way to start.

                                -Bill

[ On , January 24, 2001 at 17:19:29 (-0800), Sean Donelan wrote: ]

Subject: Network diversity Software diversity

> Using FreeBSD and BIND on *ALL* your name servers may be just as
> bad a practice as using Windows 2000 and Microsoft DNS on *ALL*
> your name servers. I still think NSI is taking a tremendous risk
> using identical servers for all their GTLD-servers, even though
> they are geographically distributed.

Yeah, I was going to mention that, but I thought I'd already been
preaching too much to the converted! :-)

> You might try using UltraDNS on half your critical nameservers and
> BIND on the other half. And even using Solaris on some of the
> boxes and AIX or Linux, or NetBSD on the others. This is not because
> I think one or the other has a fatal flaw, but because software is
> a hard beast to manage. The idea behind diversity isn't you will
> never have an error. But the errors are unlikely to strike both
> servers at the same time.

Therein lies the rub -- adding extra complexity to your systems also
makes them more difficult to manage, prone to error, and subject to
interoperational problems.

Diversity of all forms definitely has its advantages, but it has its
costs too. The trick is to find a fair balance. :-)