Is it good practice to Use the main webhosting server as ns1 in the likely event of a DOS attack?

2 posts / 0 new
Topic locked
Last post
#1 Sat, 05/05/2018 - 21:34
adamjedgar

Is it good practice to Use the main webhosting server as ns1 in the likely event of a DOS attack?

i note that in many tutorials we are directed to setup our main webhosting server as ns1 and a second virtualmin instance as ns2.

in the age when DOS attacks are a major concern, is this actually good practise?

for someone going out on their own with a webhosting business (albeit a very small startup), should i instead have a minimum 3 server setup or it is quite ok to go with the 2 server model as outlined in the BIND DNS tutorials? (ie web hosting server, ns1, ns2)

Mon, 05/07/2018 - 15:26
Diabolico
Diabolico's picture

The only way how you can protect your server against DDoS is using a service to mask your server IP(s) (e.g. CDN) or hardware solution what will wary with each DC/hosting company. First solution is cheaper and doesnt require support from the hosting company, but you must pay attention to cover all traces of your real IP, like sending emails, direct links for pictures, etc. Second solution is far better but the price can wary between each DC, like OVH/Hetzner have DDoS included for free but the quality isnt the best while for the top protection be prepared to pay from XXX to XXXX USD per IP per month.

Either way if someone wants to bring your server down with a DDoS attack and you dont have any of earlier mentioned protections - your server/network will overload and go down or the hosting company at first signs of DDoS will null-route all your IP(s). Whatever happens your server will go down, thats for sure.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Topic locked