On Sun, Aug 04, 2002 at 06:59:16PM +1200, Andy Linton wrote: You could run this on a PC based server with a decent amount of memory and no spinning disk for a few thousand dollars. Hardware is cheap, other issues to consider are: (1) what happens if it doesn't work --- who do I contact with a clue to deal with this? (2) what happens if someone gets access to this... could/should leaking DNS data be considering a security problem? But if you've arranged to have your web server off-site or you're getting your mail delivered to one of the big ISPs mail server instead of exposing your own, you're toast. If you do this, why host your own DNS though? And I'd rather have someone resolve my domain name and find the network is down when they try to use the address rather then get no response from the DNS and think "looks like that domain name is bogus". How do you get "looks like that domain name is bogus"? Can you show me an example of such a domain? You should get NS records from the parent zone at the very least (ignoring Network Solution's squatting/bastardisation). And at least that way mail will get queued in the system for a while until you sort out the network problems. Mail will get queued if your can't contact your name-servers. If not, your MTA is badly broken and you will have plenty of problems in the real world. It's interesting to do a 'dig ns xxxx' for most of the large ISPs in NZ. Most have their name servers apparently on the same segment. Yes, I check lionra.gen.nz before I posted my previous reply, but alas, I can't ridicule over that :) Perhaps they all have multiple DNS servers located globally and are using ANYCAST to make this transparent to us all but somehow I doubt it. If they are in the same prefix, this is pointless... consider global routing problems, they usually affect a prefix or not... not partially, so if you have all your DNS eggs in the same basket/prefix, you loose. I'm happy to be shot down in flames on this one as long as whoever does it publishes all the details here so that others can learn. (:-) Oh, I know for a *fact* many sites do indeed have their DNS servers (and email, and http, etc) all in the same network. I even pointed this out to people and was told things like "yes, but we have HSRP" or "it's good enough". Who am I to tell someone else how to ru(i)n their own network? :) --cw - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog