[dns-operations] which registries test nameservers before delegations?
Shane Kerr
shane at time-travellers.org
Tue Apr 25 09:32:29 UTC 2017
Randy,
At 2017-04-25 10:35:00 +0900
Randy Bush <randy at psg.com> wrote:
> > GN and LR
>
> btw, 2182 server separation is mandatory, which may be a bit unusual.
Not only unusual, I'm curious how it is measured.
I can imagine:
* checking different IP addresses
* checking IP addresses in different /24 (because in some universes
apparently that means a different network...)
* looking at WHOIS from the RIR to ensure different networks
* using traceroute and looking for diversity in the final N hops
* looking at the AS path in BGP and looking for diversity in the final
N hops
* using ping times to guess physical location to insure physical
diversity
* making sure that multiple cloud providers are used, to provide
resiliency for Dynpocalypse 2
Personally I think any and all of these as advisory checks is
potentially helpful both on delegation and periodically. Mandatory
checks... meh. ;)
Cheers,
--
Shane
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digitale handtekening
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170425/6beaa2ba/attachment.sig>
More information about the dns-operations
mailing list