nanog mailing list archives

Re: QWest is having some pretty nice DNS issues right now
From: Simon Waters <simonw () zynet net>
Date: Mon, 9 Jan 2006 08:34:18 +0000


On Saturday 07 Jan 2006 02:54, you wrote:

> While it's tempting to make fun of Qwest here, variations on this theme -

I'll happily make fun of them. If the authoritative DNS servers were in the 
same logical network, even if one was in Washington, and one in California, 
they'd deserve it.

Used to do basic audit networks for end user companies (and one small ISP who 
bought the service), this was a standard checklist item. Literally: are the 
authoritative name servers on different logical networks? GX networks did it. 
Demon Internet did it, we do it for our own hosting despite being a 
relatively small company, I'm sure most of NANOG readership are careful to do 
this.

I think the comments on anycast are misplaced, most big ISPs use it, or 
similar, for internal recursive resolvers, but I don't think it is that 
crucial for authoritative servers. Of course placing all your authoritative 
nameservers in the same anycast group is one of the things I've complained 
about here before (not mentioning any TLD by name since they seem to have 
learnt from that one), so of itself anycast doesn't avoid the issue. You can 
make the same mistake in many different systems.

Also some scope for longer TTL at Qwest, although I can't throw any stones as 
we have been busy migrating stuff to new addresses and using very short TTLs 
ourselves at the moment. But we'll be back to 86400 seconds just as soon as I 
finish the migration work.

I do agree the management issues with DNS are far harder, and here longer TTLs 
are a double-edged sword. But it is hard to design a system where the 
mistakes don't propagate to every DNS server, although some of the common 
tools do make it easier to check things are okay before updates are unleashed.

I think there is scope for saying the DNS TTLs should be related to (and greater 
than) the time it takes to get clue onto any DNS problem.
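
The checklist item described in the message above, as an added example that is not part of the original post: it flags zones whose authoritative name servers all sit behind one announced prefix or one origin AS. Treating "logical network" as prefix/origin AS is an assumption, and the routing snapshot, zone names, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed routing snapshot (documentation ranges, private-use ASNs):
# announced prefix -> origin AS. A real audit would load this from BGP data.
ROUTES = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64500,
    "203.0.113.0/24": 64501,
}

# Constructed zones: authoritative name server -> its addresses.
ZONES = {
    "same-prefix.example": {"ns1": ["192.0.2.53"], "ns2": ["192.0.2.54"]},
    "same-as.example": {"ns1": ["192.0.2.53"], "ns2": ["198.51.100.53"]},
    "diverse.example": {"ns1": ["192.0.2.53"], "ns2": ["203.0.113.53"]},
}

def covering_route(addr, routes):
    """Longest-prefix match: return (network, origin_asn) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, asn in routes.items():
        net = ipaddress.ip_network(prefix)
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, asn)
    return best

def audit_zone(servers, routes):
    """Return a list of findings; an empty list means the check passed."""
    prefixes, asns, findings = set(), set(), []
    for name, addrs in sorted(servers.items()):
        for addr in addrs:
            hit = covering_route(addr, routes)
            if hit is None:
                findings.append(f"{name} {addr}: no covering route")
                continue
            prefixes.add(hit[0])
            asns.add(hit[1])
    if len(prefixes) == 1:
        findings.append("all name servers share one announced prefix")
    if len(asns) == 1:
        findings.append("all name servers share one origin AS")
    return findings

if __name__ == "__main__":
    for zone, servers in ZONES.items():
        print(zone, audit_zone(servers, ROUTES) or "ok")
```

Two prefixes with the same origin AS still fail the check, which matches the point that servers in different locations can share one logical network.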

