mailing list archives
Re: QWest is having some pretty nice DNS issues right now
From: Simon Waters <simonw () zynet net>
Date: Tue, 10 Jan 2006 09:12:55 +0000
On Monday 09 Jan 2006 21:26, Christopher L. Morrow wrote:
On Mon, 9 Jan 2006, Randy Bush wrote:
It seems like maybe that is all too common. Are the 'best practices'
documented for Authoritative DNS somewhere central?
yes, yes.. people who care (a lot) have read this I'm sure... I was aiming
a little lower :) like folks that have enterprise networks :) Or, maybe
even registrars offering 'authoritative dns services' like say 'worldnic'
who had most of their DNS complex shot in the head for 3 straight days :(
It is the old story of ignorance and cost, plus with DNS a "perceived loss of
In the UK many domains are registered with a couple of the cheapest providers,
who do not do off network DNS, and in the past one offered non-RFC compliant
mail forwarding as a bonus. I've seen people switch the DNS part of a hosting
arrangement to these guys to save about 10 USD a year. Of course people
competing at those sort of price levels offer practically no service
component, so even if nothing dreadful happens it still turns into a false
It reminds me of the firewall market, when the average punter had no idea how
to assess the "security" aspects of a firewall, and so firewall vendors ended
up pushing throughput, and price, as the major selling points. I know people
who bought firewalls capable of handling 160Mbps of traffic, who still have
it filtering a 2Mbps Internet connection, badly.
By and large the big ISPs do a good job with DNS, the end users do a terrible
job. I think once you get to the size where you need a person (or team) doing
DNS work fulltime, it probably gets a lot easier to do it right.
Perhaps I should dust off my report on the quality of DNS configurations in
the South West of England, and turn it into a buyers guide?
That said I don't think doing DNS right is easy. I know pretty much exactly
what my current employer is doing wrong, but these failures to conform to
best practice aren't as much of a priority as the other things we are doing
wrong. At least in our case it is done with knowledge of what can (and likely
will eventually) go wrong.
Re: QWest is having some pretty nice DNS issues right now Fergie (Jan 07)