hey so here's a cool fun new thing to add to your threat model

something that polls your UPS to measure voltage is somehow, inadvertently causing the network management card in it to puke, and when that thing reboots or crashes, it takes the UPS down with it (it reboots also) - and everything hung off that UPS .. loses power. which includes your dns server.

so fucktardian windows machines and android devices that think the network is down if they can't resolve dns all disconnect from the lan

@Viss

crap like this was why, when i was the architect for a large ISP's DNS, i mandated that all DNS servers were clusters, were anycasted internally, all had dual power supplies, the power supplies were on different, UPS-backed power A/B feeds per machine.

so many things shit the bed when they couldn't resolve something in DNS. it was easier just to grossly overbuild the DNS infra than try to get that many vendors to fix that many broken things.

@paul_ipv6 @Viss anycast with BFD is the way.