[128773] in North American Network Operators' Group
Re: Numbering nameservers and resolvers
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Mon Aug 16 03:05:52 2010
In-Reply-To: <4C68DF61.6080601@tiedyenetworks.com>
From: "Patrick W. Gilmore" <patrick@ianai.net>
Date: Mon, 16 Aug 2010 08:04:56 +0100
To: North American Operators' Group <nanog@nanog.org>
Composed on a virtual keyboard, please forgive typos.
On Aug 16, 2010, at 7:49, Mike <mike-nanog@tiedyenetworks.com> wrote:
> Hi Folks,
>
> I am needing to renumber some core infrastructure - namely, my nameservers and my resolvers - and I was wondering if the collective wisdom still says heck yes keep this stuff all on separate subnets away from each other? Anyone got advice either way? Should I try to give sequential numbers to my resolvers for the benefit of consultants ... like .11, .22 and .33 for my server ips?
1) Use different prefixes. A single prefix going down should not kill your entire network. (Nameservers and resolvers being unreachable breaks the whole Internet as far as users are concerned.)
2) Consider trading secondary NS with another AS. This is for authorities only, recursive NSes should be on-net only.
3) Try not to use the first /24 in a large prefix. See AS7007 incident for why, although that is probably less likely today.
4) Using easily memorized numbers for at least one authority & one resolver will help your NOC, but should not override other considerations.
That's a start, I'm sure others will have more suggestions.
--
TTFN,
patrick
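
Added example, not part of the original message: a Python sketch that audits a DNS numbering plan against points 1 and 3 above. It reads point 1 as "no single announced prefix should hold every server of a role"; the prefixes, addresses, role names and finding codes are constructed for illustration.

```python
import ipaddress

# Constructed sample data: benchmarking/documentation ranges, not real allocations.
ANNOUNCED = ["198.18.0.0/15", "203.0.113.0/24"]
SERVERS = {
    "authoritative": ["198.18.0.11", "203.0.113.22"],
    "resolver": ["198.18.40.11", "198.18.41.22"],
}

def covering_prefix(addr, nets):
    """Most specific announced prefix containing addr, or None."""
    hits = [n for n in nets if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

def audit(announced, servers):
    """Return a sorted list of (role, subject, finding_code) tuples."""
    nets = [ipaddress.ip_network(p) for p in announced]
    findings = []
    for role, ips in servers.items():
        prefixes = set()
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            net = covering_prefix(addr, nets)
            if net is None:
                findings.append((role, ip, "unannounced"))
                continue
            prefixes.add(net)
            # Point 3: address sits in the first /24 of a larger IPv4 prefix.
            if net.version == 4 and net.prefixlen < 24:
                first24 = next(net.subnets(new_prefix=24))
                if addr in first24:
                    findings.append((role, ip, "first-/24"))
        # Point 1: losing this one prefix takes out every server of the role.
        if len(prefixes) == 1:
            findings.append((role, str(next(iter(prefixes))), "single-prefix"))
    return sorted(findings)

if __name__ == "__main__":
    for role, subject, code in audit(ANNOUNCED, SERVERS):
        print(f"{role:14} {subject:18} {code}")
```

With the sample plan, the authoritative server at .11 is flagged for sitting in the first /24 of the /15, and the resolvers are flagged because both depend on the same announced prefix.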