mailing list archives
Re: QWest is having some pretty nice DNS issues right now
From: Simon Waters <simonw () zynet net>
Date: Mon, 9 Jan 2006 08:34:18 +0000
On Saturday 07 Jan 2006 02:54, you wrote:
While it's tempting to make fun of Qwest here, variations on this theme -
I'll happily make fun of them. If the authoritative DNS servers were in the
same logical network, even if one was in Washington, and one in California,
they'd deserve it.
Use to do basic audit networks for end user companies (and one small ISP who
bought the service), this was a standard checklist item. Literally are the
authoritative name servers on different logical networks. GX networks did it.
Demon Internet did it, we do it for our own hosting despite being a
relatively small company, I'm sure most of NANOG readership are careful to do
I think the comments on anycast are misplaced, most big ISPs use it, or
similar, for internal recursive resolvers, but I don't think it is that
crucial for authoritative servers. Of course placing all your authoritative
nameservers in the same anycast group is one of the things I've complained
about here before (not mentioning any TLD by name since they seem to have
learnt from that one), so of itself anycast doesn't avoid the issue. You can
make the same mistake in many different systems.
Also some scope for longer TTL at Qwest, although I can't throw any stones as
we have been busy migrating stuff to new addresses and using very short TTLs
ourselves at the moment. But we'll be back to 86400 seconds just as soon as I
finish the migration work.
I do agree the management issue with DNS are far harder, and here longer TTL
are a double edged sword. But it is hard to design a system where the
mistakes don't propagate to every DNS server, although some of the common
tools do make it easier to check things are okay before updates are unleased.
I think there is scope for saying the DNS TTLs should be related (and greater
than) the time it takes to get clue onto any DNS problem.