[dns-operations] Limit on Name Servers & their IPs for a sub-domain

Peter Koch pk at denic.de
Thu Jan 11 16:43:33 UTC 2018


On Thu, Jan 11, 2018 at 03:11:00PM +0000, James Stevens wrote:
> I am aware of the "traditional" limit of 13 NS records for a sub-domain, is
> it considered that this still applies?

there is no strict limit expressed in the number of NS RRs.
The "13" was most prominently associated with the number of NS RRs
for the root zone itself (a.k.a. "number of root servers").
<https://www.icann.org/en/system/files/files/rssac-028-03aug17-en.pdf>
may provide some insight on this.

There are (operational) packet size considerations for the delegation response, that
may or may not take into account EDNS (i.e., DNS payloads beyond 512 octets).

Unless the data is maintained in a "zone file", there might be data (design)
constraints that would put a ceiling to the number of entries.

> But, I only tested a small number of addresses - is there some reason (e.g.
> packet size, code restrictions, etc) that might mean more addresses would
> not scale?

Scaling has multiple aspects here: One is whether this would work for "large"
delegation sizes (taking into account the NS RRSet as well as glue RRs,
where applicable).  The other dimension is the extra burden on other parts
of the DNS landscape (servers at the parent side of the delegation,
resolvers, ...) should the scheme be applied for a larger number of zones.

> This suggests theoretically unlimited servers for a sub-domain, so long as
> they are represented as additional IP Addresses against the same name.

At some point, the A and AAAA RRSet would grow unpleasantly large, both to
serve and retrieve, but also to digest.

Is equal "load distribution" what you're looking for?

-Peter
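
The packet size consideration discussed in this message can be estimated offline. The following is an added example, not part of the original message: it counts the octets of a referral that carries the full NS RRSet and all glue, using RFC 1035 name compression. The zone `sub.example.com`, the `nsN` host names and the choice of the zone name as the query name are constructed assumptions.

```python
import struct

def encode_name(name, offsets, pos):
    """Wire-encode a domain name at message offset `pos` using RFC 1035
    compression; `offsets` maps already-written suffixes to their offsets."""
    out = b""
    labels = [l for l in name.lower().split(".") if l]
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in offsets:                      # reuse an earlier occurrence
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        if pos + len(out) < 0x4000:                # pointers hold 14 bits
            offsets[suffix] = pos + len(out)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"                           # terminating root label

def referral_size(zone, glue, edns=False):
    """Octets in a referral for `zone` carrying every NS RR and all glue.
    `glue` maps NS host name -> (number of A RRs, number of AAAA RRs).
    Assumption: the query name equals the zone name."""
    offsets = {}
    msg = b"\x00" * 12                             # fixed DNS header
    msg += encode_name(zone, offsets, len(msg)) + b"\x00" * 4  # QTYPE, QCLASS
    for ns in glue:                                # authority: NS RRSet
        msg += encode_name(zone, offsets, len(msg)) + b"\x00" * 10
        msg += encode_name(ns, offsets, len(msg))  # RDATA: name server name
    for ns, (n_a, n_aaaa) in glue.items():         # additional: glue RRs
        for rdlen, count in ((4, n_a), (16, n_aaaa)):
            for _ in range(count):
                msg += encode_name(ns, offsets, len(msg)) + b"\x00" * (10 + rdlen)
    return len(msg) + (11 if edns else 0)          # OPT pseudo-RR is 11 octets

def max_servers(zone, limit=512, n_a=1, n_aaaa=1):
    """Largest number of in-zone servers ns1..nsN (constructed names)
    whose complete referral still fits in `limit` octets."""
    n = 0
    while referral_size(zone, {f"ns{i}.{zone}": (n_a, n_aaaa)
                               for i in range(1, n + 2)}) <= limit:
        n += 1
    return n

if __name__ == "__main__":
    zone = "sub.example.com"                       # constructed sample zone
    print("servers with A+AAAA glue within 512 octets:", max_servers(zone))
    one_name = {f"ns1.{zone}": (28, 0)}            # many addresses, one name
    print("one NS name with 28 A glue RRs:", referral_size(zone, one_name))
```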
