[34015] in North American Network Operators' Group


Re: How common is lack of DNS server diversity?

daemon@ATHENA.MIT.EDU (Thomas Kernen)
Fri Jan 26 22:19:48 2001

Message-ID: <3A723DB2.A5DB09AD@deckpoint.ch>
Date: Fri, 26 Jan 2001 23:17:06 -0400
From: Thomas Kernen <tkernen@deckpoint.ch>
MIME-Version: 1.0
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
And what happens if the 4.0.0.0/8 route is flapped from the
routing table? No more DNS. So you still want route diversity
that isn't in the same block or aggregated block.

Then I guess you try and get a bunch of /24s for your name servers,
but they might get filtered elsewhere by someone else.

Thomas

Sean Donelan wrote:
> 
> Mice and Men found that 38% of the .COM domains surveyed
> had all their name servers on the same subnet.  And 75%
> had one or more configuration errors.
> 
> http://www.menandmice.com/dnsplace/healthsurvey.html
> 
> DNS, like most databases, suffers from information entropy.
> 
> In other words, it takes a lot of energy to keep information
> correctly updated while it is being changed.  Anyone who has
> been Hostmaster for even a moderately sized ISP knows there
> is an amazing number of ways for people to mess up any of the
> pieces of data required to make the whole thing work.
> 
> As several people pointed out, you can't really assume close
> IP addresses are in fact topologically close on the network.
> 
> For example, if you look at the name servers for GENUITY.NET
> 
>   Domain servers in listed order:
> 
>    DNSAUTH1.SYS.GTEI.NET        4.2.49.2
>    DNSAUTH2.SYS.GTEI.NET        4.2.49.3
>    DNSAUTH3.SYS.GTEI.NET        4.2.49.4
> 
> They appear to be closely related.  However, the addresses are
> in fact routed to very diverse locations on Genuity's network.
> 
> You will find the same thing if you look at the name servers
> for UU.NET
> 
> Domain servers in listed order:
> 
>    AUTH00.NS.UU.NET             198.6.1.65
>    AUTH60.NS.UU.NET             198.6.1.181
> 
> These servers are also geographically diverse.
> 
> So I'm not sure if the 38% number is a true indication of how
> much diversity DNS servers have.

