John Young writes:
> We had ordered that the two domains be put on two different boxes, geographically distant, to avoid both sites going down if one was knocked out. Hey, there's WMD about called PATRIOT.
The DNS has redundancy designed into it; there is no real advantage to having a disjoint set of servers for the two domains. You may as well have the widest possible set of servers for both.
> However, now I learn that Verio uses one DNS server for the two boxes so an attacker needs only to throw one stone to kill both our birds. Grrr. That is what we wanted to avoid.
That doesn't seem right; traceroutes to both servers indicate that they are likely topologically distant. One appears to be around Washington, DC, and the other somewhere on the west coast.
> A smart sales rep assured me that this was the way to go, after I had placed two orders for two machines to keep them separate. No need for that, he said, let me tell you a better way. No doubt my simple-minded security method would have been breached by some Verio setup based on its own Japanese government spying principles, which is to say I can't escape being terrorized by Ashcroft.
Indeed so.
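
Added example, not part of the original message: a small audit of the single-point-of-failure question raised in this exchange, checking each zone's nameserver set for diversity and listing zones that depend on the same lone server. The zone names, server names and addresses are constructed (documentation ranges), and treating a shared /24 as "same network" is an assumption used as a rough proxy for topological distance.

```python
import ipaddress

# Constructed delegation data: zone -> {nameserver: address}.
# Names and addresses are placeholders, not real servers.
ZONES = {
    "site-a.example": {"ns1.provider.example": "192.0.2.10"},
    "site-b.example": {"ns1.provider.example": "192.0.2.10"},
    "site-c.example": {
        "ns1.provider.example": "192.0.2.10",
        "ns2.provider.example": "192.0.2.77",
    },
    "site-d.example": {
        "ns1.provider.example": "192.0.2.10",
        "ns3.other.example": "198.51.100.5",
    },
}

def networks(servers, prefix=24):
    """Distinct /prefix networks that hold a zone's nameserver addresses."""
    return {ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
            for addr in servers.values()}

def audit_zone(servers):
    """Return the redundancy findings for one zone's nameserver set."""
    findings = []
    if len(servers) < 2:
        findings.append("single-nameserver")
    if len(networks(servers)) < 2:   # assumption: same /24 means same failure domain
        findings.append("single-network")
    return findings

def audit(zones):
    """Findings per zone; an empty list means the set looks diverse."""
    return {zone: audit_zone(servers) for zone, servers in zones.items()}

def shared_fate(zones):
    """Lone nameservers that more than one zone depends on exclusively."""
    lone = {}
    for zone, servers in zones.items():
        if len(servers) == 1:
            (name,) = servers
            lone.setdefault(name, []).append(zone)
    return {ns: sorted(z) for ns, z in lone.items() if len(z) > 1}

if __name__ == "__main__":
    for zone, findings in audit(ZONES).items():
        print(zone, findings or "ok")
    print("shared fate:", shared_fate(ZONES))
```

Sharing a nameserver across zones is flagged only when it is the sole server for each of them; site-d shares ns1 with the others but passes because its set spans two networks.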