On Jul 5, 2024, at 12:53 AM, Jeroen Massar via NANOG <nanog@nanog.org> wrote:
> Thus one only increases the risk by having multiple TLDs. That's not the case if you provide DNS servers for others, though. It is true that if he.net has nameservers of "ns1.he.net" and "ns2.he.net", making the second of those be "ns2.he.org" will not make "www.he.net" reachable if he.net is placed on clientHold. However, if "example.com" uses "ns1.he.net" and "ns2.he.net" as its nameservers, having the second of those instead be "ns2.he.org" will keep "www.example.com" reachable if he.net is placed on clientHold. That was presumably the emergency concern in this case -- not so much that www.he.net itself was offline, but that all the other domains using their nameservers were offline. I run a registrar so there's no risk of our domain names getting put on clientHold, but I still don't trust the *registry* not to put one of our domain names on their equivalent "serverHold". We provide nameservers for our customers in .net, .biz and .org (run by separate companies) to mitigate that risk. And every time I see a story like what happened to he.net yesterday, I re-convince myself that the slight performance hit is worth it, and presumably, so do companies like Amazon: $ dig +short amazon.com NS ns1.amzndns.co.uk. ns1.amzndns.com. ns1.amzndns.net. ns1.amzndns.org. ns2.amzndns.co.uk. ns2.amzndns.com. ns2.amzndns.net. ns2.amzndns.org. -- Robert L Mathews
