Can I rely on my own DNS server in case of a global DNS blackout?

9

4

On March 31st 2012, Anonymous plan to take down the 13 root DNS servers that power the Internet: http://pastebin.com/NKbnh8q8

... and I don't want to even notice if it actually happens.

Assuming what they are trying to do is feasible:

  1. Are there any DNS servers that won't be affected that I can use?
  2. If not, is it possible to create a non-expiring cache of all DNS records on a local machine?
  3. If so, how would I go about doing this?

Of course, DNS changes wouldn't be reflected and TTL would have to be ignored; but that is better than all DNS lookups just timing out.

Related question: How can I store DNS cache in case the DNS server goes down?

David Murdoch

Posted 2012-02-15T21:35:00.503

Reputation: 298

1 I wonder how feasible just a DDoS actually is... – Shinrai – 2012-02-15T22:12:38.770

Answers

8

Having a cache of all DNS records is not feasible. Setting up your own root server on the other hand is! ICANN provides the root zone file here: http://www.internic.net/zones/root.zone

So just set up your own root server, point your DNS servers to it and you should not notice anything.

DaMacc

Posted 2012-02-15T21:35:00.503

Reputation: 318

1 What kind of impact would this have on my bind9 installation? – Captain Giraffe – 2012-02-15T23:35:10.940
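As an added example (not code from any answer in this thread): a Python script that inspects a saved root.zone copy before you serve it locally as DaMacc suggests, listing each TLD's delegation and glue, flagging TLDs whose nameservers have no glue (unreachable from a stale copy alone), and reporting when the copy's RRSIGs expire, after which a DNSSEC-validating resolver rejects it. The zone excerpt is constructed; the assumed file layout is the published root.zone format (explicit owner, TTL, class and type on every line).

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed excerpt in root.zone style (not real zone data).
SAMPLE_ZONE = """\
; constructed excerpt, one record per line
.                    518400 IN NS    a.root-servers.net.
a.root-servers.net.  518400 IN A     198.41.0.4
.                    172800 IN RRSIG NS 8 0 518400 20120401000000 20120318000000 1234 . AAAA=
example.             172800 IN NS    ns1.example.
example.             172800 IN NS    ns2.example.
ns1.example.         172800 IN A     192.0.2.1
ns2.example.         172800 IN AAAA  2001:db8::2
test.                172800 IN NS    ns.nowhere.test.
test.                172800 IN RRSIG DS 8 1 86400 20120325000000 20120311000000 1234 . AAAA=
"""

def parse_records(zone_text):
    """Yield (owner, type, rdata_fields) per record; skip comments, blanks, $-directives."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        owner, _ttl, _cls, rtype, *rdata = fields
        yield owner.lower(), rtype.upper(), rdata

def delegations(zone_text):
    """Map each TLD to its nameservers and the glue addresses carried in the zone."""
    ns_of, glue = defaultdict(set), defaultdict(list)
    for owner, rtype, rdata in parse_records(zone_text):
        if rtype == "NS" and owner != ".":          # "." NS are the root servers, not a TLD
            ns_of[owner].add(rdata[0].lower())
        elif rtype in ("A", "AAAA"):
            glue[owner].append(rdata[0])
    return {tld: {ns: glue.get(ns, []) for ns in sorted(names)}
            for tld, names in ns_of.items()}

def tlds_without_glue(zone_text):
    """TLDs whose servers have no glue: a stale local root copy cannot reach them."""
    return sorted(tld for tld, servers in delegations(zone_text).items()
                  if not any(servers.values()))

def earliest_rrsig_expiry(zone_text):
    """RRSIG rdata: type alg labels origttl expiration inception keytag signer sig.
    Past the earliest expiration, validating resolvers reject the whole copy."""
    expiries = [datetime.strptime(r[4], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
                for _o, t, r in parse_records(zone_text) if t == "RRSIG" and len(r) > 4]
    return min(expiries) if expiries else None
```

Serving the file as zone "." on the resolver is the approach RFC 8806 describes; refresh the copy more often than its signature lifetime, or validation breaks before the cache does.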

1

For Windows there was a program called Treewalkdns that acted as a personal caching DNS server. It seems to have dropped out of sight, but it's probably available somewhere on the web.

There is a Linux program called PDNSD that addresses your requirements: http://members.home.nl/p.a.rombouts/pdnsd/index.html#aboutpdnsd

BJ292

Posted 2012-02-15T21:35:00.503

Reputation: 2 028

0

I can only answer your second question, sorry. Here goes:

It is possible to create a non-expiring cache of DNS records on a local machine by editing the hosts file. For example, you could add:

# Google
173.194.65.100 google.com www.google.com

To get the IP address to which a given domain name resolves, you could use ping or nslookup.

Mathias Bynens

Posted 2012-02-15T21:35:00.503

Reputation: 2 171

0

Rather than trying to set up your own root server, it'd probably be better to rely on Google's DNS servers for this:

http://code.google.com/speed/public-dns/

IPs:

  • 8.8.8.8
  • 8.8.4.4

It's likely that Google has a lot of DNS entries, and they definitely have enough processing power and bandwidth to have a very large DNS cache and survive constant polling from hundreds or thousands of users. My guess is that Google also isn't silly enough to let all their DNS entries expire if they can't contact the root servers.

You could also try connecting to OpenDNS. Maybe write the Google and OpenDNS IPs down somewhere anyway, so in case the root servers do indeed go down you have a few different options to try.

EDIT: Here is a more complete list of unofficial/alternate DNS root servers (on Wikipedia).

user118629

Posted 2012-02-15T21:35:00.503

Reputation: