[dns-operations] which registries test nameservers before delegations?

Shane Kerr shane at time-travellers.org
Tue Apr 25 09:32:29 UTC 2017


At 2017-04-25 10:35:00 +0900
Randy Bush <randy at psg.com> wrote:

> > GN and LR  
> btw, 2182 server separation is mandatory, which may be a bit unusual.

Not only unusual, I'm curious how it is measured.

I can imagine:

* checking different IP addresses
* checking IP addresses in different /24 (because in some universes
  apparently that means a different network...)
* looking at WHOIS from the RIR to ensure different networks
* using traceroute and looking for diversity in the final N hops
* looking at the AS path in BGP and looking for diversity in the final
  N hops
* using ping times to guess physical location to insure physical
* making sure that multiple cloud providers are used, to provide
  resiliency for Dynpocalypse 2

Personally I think any and all of these as advisory checks is
potentially helpful both on delegation and periodically. Mandatory
checks... meh. ;)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digitale handtekening
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170425/6beaa2ba/attachment.sig>

More information about the dns-operations mailing list