[dns-operations] SE and the value of having NS in more than one TLD

bert hubert bert.hubert at netherlabs.nl
Tue Oct 13 15:00:30 UTC 2009


On Tue, Oct 13, 2009 at 6:17 AM, Joe Abley <jabley at hopcount.ca> wrote:
>> Apparently the good folks at SE made a mistake with their host file
>> today and ended up with NS records of the form [a-j].ns.se.se. While
>> the problem has been corrected, and I certainly don't want to "pile
>> on" I thought this was a good time to mention the value of having NS
>> records in more than one TLD, even if you ARE a TLD. :)
>
> I don't think your observation qualifies that advice at all.

I've previously & unsuccessfully tried to get people interested in
having a very late stage 'sanity checking' tool that knows that
today's zone can't be too different from yesterday's zone (or the zone
of 5 minutes ago).

For example, if the total number of NS records on the zone changes by
more than 1%, or the number of A records decreases by more than 1%,
this would lead to the updates being held until manual intervention.

One might also mark the NS records of the zone itself as 'sacrosanct' this way.

These things become a lot harder if zones are provisioned over dynamic
update however, since each update would then have to be audited
individually.

   Bert



More information about the dns-operations mailing list