On 22.11.2017 at 15:02, Ray Bellis wrote:
On 21/11/2017 17:30, Reindl Harald wrote:

because of https://www.iana.org/help/nameserver-requirements and he
should not have allowed this setup at all because "Minimum number of
name servers - There must be at least two NS records listed in a
delegation, and the hosts must not resolve to the same IP address"

and the next paragraph makes it clear that even a second machine in the
same subnet is not enough for obvious reasons

Network diversity
The name servers must be in at least two topologically separate
networks. A network is defined as an origin autonomous system in the BGP
routing table. The requirement is assessed through inspection of views
of the BGP routing table

Those requirements are the ones that apply to delegations in the root zone.

every registry i know enforces these points too, based on https://tools.ietf.org/html/rfc1034 and "A given zone will be available from several name servers to insure its availability in spite of host or communication link failure. By administrative fiat, we require every zone to be available on at least two servers, and many zones have more redundancy than that" and when one thinks that RFCs are just a "request for comment".. well..

i have even seen requirements of 3 nameservers, while it's common sense that when you need to have two it's pointless to use the same machine, just as it's pointless to have two MX records pointing to the same IP

additionally: by common sense both should use zone transfers instead of copying zone files, because errors in the zone file would then not bring down the slave (many errors like "CNAME and others" simply prevent named from starting at reboot)

As it is, the topology test is broken because it doesn't account for an
Anycast configuration where multiple sites share the same origin ASN
even though they're connected via completely different AS paths

different topic

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
