Secondary DNS for Paraguay's TLD?

Alex_Bligh2 · March 8, 1999, 11:51am

IMHO, the internic should not allow any domains to have pri+sec nameserver
in the same /24

Why not? I know several people who stick them all in /30s as they
are so difficult to move. All bar one (which is in a different
originated AS) of ours are in the same /24 (different /30s, and
different continents in some cases).

Jared_Mauch · March 8, 1999, 1:31pm

Most "real" providers have diverse nameservers. For them,
this is not a problem, but for the other 99% of domains
that are delegated, they have their nameservers on the same
ethernet segment.

Domain Name: MONICALEWINSKI.COM

Domain servers in listed order:

ZORK.TIAC.NET 199.0.65.2
SUNDOG.TIAC.NET 199.0.65.9

This means once your /24 drops from routing,
you have no primary nor secondary nameservice.

This is meant only as an example, but to make my point. Because
the delegation authorities can do an easy check to see if the ips
are in the same /24, this could prevent a number of real outages, such
as a TLD being OOS, but also help fix all the little guys who don't
understand the idea of geographicaly diverse nameservers.

- jared

Rich_Sena1 · March 8, 1999, 4:20pm

Whelp I used to work for that company - and I know that 199.0.65.0/24 is
on a FDDI ring shared by 2 7507's and all common services are on that ring
- each 7507 has a HSSI with a DS3 to different exchanges to UUNET - so
you're right if UUNET goes down then it is dead - I know the 2 DS3's
terminate diferently but they will be down if UUNET is...

Bandy_Rush1 · March 8, 1999, 4:22pm

Whelp I used to work for that company - and I know that 199.0.65.0/24 is
on a FDDI ring shared by 2 7507's and all common services are on that ring
- each 7507 has a HSSI with a DS3 to different exchanges to UUNET - so
you're right if UUNET goes down then it is dead - I know the 2 DS3's
terminate diferently but they will be down if UUNET is...

wow! you did not cheat and read rfc 2182, did you?

randy

Rich_Sena1 · March 8, 1999, 4:43pm

Tried that Randy - it read like stereo instrucions so I threw it away - we
had plenty of dixie cups and string there so we were all set...

Ehud_Gavron · March 8, 1999, 6:11pm

If I wanted to put my nameservers on the same network but route to
them through VPNs, tunnels, or whatevers*, it would be up to me to
ensure their reachability.

First, let's not give InterNIC more power -- they already abuse that
which they have.

Second, let's not confuse DNS (and DNS stewards) with routing, and
addressing. The latter two are operational, NANOG issues, and
important. The former, well, let's just call it a sad case of
session layer taking down a country

Ehud
*whatevers -- whatever your vendor calls your solution to whatever