[dns-operations] question on dns setup, name-servers on adjacent IPs

Veaceslav Revutchi slavarevutchi at gmail.com
Thu Aug 25 02:50:37 UTC 2016


Hello, need your opinion on a dns setup.

By looking at the query below, is it reasonable to assume that the two
name-servers for that domain are co-located or on the same L2 domain?

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @c.gtld-servers.net. trondent.com +norec +noall +auth +addi
; (1 server found)
;; global options: +cmd
trondent.com. 172800 IN NS tdcns-01.trondent.com.
trondent.com. 172800 IN NS tdcns-02.trondent.com.
tdcns-01.trondent.com. 172800 IN A 199.3.18.24
tdcns-02.trondent.com. 172800 IN A 199.3.18.25

I know in theory the two could be further apart and announced as /32s;
however, mtr shows almost identical hops and latency, the Sprint looking
glass shows a /24, and the rest of the world sees a /14 for those IPs.
Would you flag this as a poor setup, where a network problem affecting
that subnet could take down both servers?

This is a vendor we make API calls to, and once in a while the calls
fail with a DNS resolution error. The destination server that fails to
resolve has an A record in the domain above. By the time the problem
gets reported and looked at, the name is resolving OK and there is not
much in our BIND resolver logs. There are no other DNS-related alerts around
that time, so I'm suspecting BIND did not get a response from those two
IPs. I'm setting up a couple of probes on the net to periodically
query those NS; hopefully I will have more data next time it happens.
Is there a best practice document on the number of NS and their
distribution that I can forward to the vendor?

Also, the two servers do not respond if I set the EDNS version to
something other than 0. Does that mean there is a firewall in front of
them that doesn't handle DNS properly? I understand this means they are not
following the RFC.

Thank you,
Slava
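The check the post is reasoning about by hand (do all of a zone's name servers sit in one network prefix?) is easy to automate so it can run in a monitoring job. The script below is an added example written for this page, not code from the poster or from any DNS project; it parses the authoritative/additional section lines in the format dig printed above (embedded here as a constructed sample using the records from the post) and reports whether the advertised name-server addresses share a single /24 (or /48 for IPv6). The prefix lengths are an assumed heuristic standing in for a real routing-table lookup; the placement-diversity recommendation itself is the subject of RFC 2182 (BCP 16).

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the delegation and glue records from the dig output in the post.
SAMPLE_DIG_OUTPUT = """\
trondent.com.           172800  IN  NS  tdcns-01.trondent.com.
trondent.com.           172800  IN  NS  tdcns-02.trondent.com.
tdcns-01.trondent.com.  172800  IN  A   199.3.18.24
tdcns-02.trondent.com.  172800  IN  A   199.3.18.25
"""


def parse_dig_records(text):
    """Parse 'owner ttl class type rdata' lines as printed by dig +noall +auth +addi.

    Returns a dict keyed by record type, e.g. {'NS': [(owner, target)], 'A': [(owner, ip)]}.
    Comment lines (starting with ';') and blank lines are skipped.
    """
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split()
        if len(parts) < 5:
            continue  # not a presentation-format resource record
        owner, rtype, rdata = parts[0].lower(), parts[3].upper(), " ".join(parts[4:]).lower()
        records[rtype].append((owner, rdata))
    return records


def nameserver_addresses(records):
    """Map each delegated NS name to the addresses the glue (A/AAAA) records give it."""
    glue = defaultdict(list)
    for owner, ip in records.get("A", []) + records.get("AAAA", []):
        glue[owner].append(ipaddress.ip_address(ip))
    return {target: glue.get(target, []) for _zone, target in records.get("NS", [])}


def diversity_report(ns_addrs, v4_prefix=24, v6_prefix=48):
    """Group NS addresses by prefix and flag a zone whose servers all share one prefix.

    The prefix lengths are an assumed heuristic (a real check would consult routing
    data); returns (diverse, sorted list of prefixes) where diverse is False when every
    advertised address falls inside a single prefix.
    """
    prefixes = set()
    for addrs in ns_addrs.values():
        for addr in addrs:
            plen = v4_prefix if addr.version == 4 else v6_prefix
            prefixes.add(ipaddress.ip_network(f"{addr}/{plen}", strict=False))
    return len(prefixes) > 1, sorted(str(p) for p in prefixes)


def check_delegation(text):
    """Run the whole check over dig output text and return a summary dict."""
    records = parse_dig_records(text)
    ns_addrs = nameserver_addresses(records)
    diverse, prefixes = diversity_report(ns_addrs)
    missing_glue = sorted(name for name, addrs in ns_addrs.items() if not addrs)
    return {
        "ns_count": len(ns_addrs),
        "prefix_diverse": diverse,
        "prefixes": prefixes,
        "missing_glue": missing_glue,
    }


if __name__ == "__main__":
    summary = check_delegation(SAMPLE_DIG_OUTPUT)
    for key, value in summary.items():
        print(f"{key}: {value}")
    if not summary["prefix_diverse"]:
        print("WARNING: all name servers share one prefix; a single network event can take them all down")
```

Feed it the output of `dig @<parent-server> <zone> +norec +noall +auth +addi`, as in the post, or the answer section of a direct NS query. A zone that passes this check can still have both servers behind one router or one firewall, so the result is a prompt for a question to the operator rather than proof of independence.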