[dns-operations] which registries test nameservers before delegations?
shane at time-travellers.org
Tue Apr 25 09:32:29 UTC 2017
At 2017-04-25 10:35:00 +0900
Randy Bush <randy at psg.com> wrote:
> > GN and LR
> btw, 2182 server separation is mandatory, which may be a bit unusual.
Not only unusual, I'm curious how it is measured.
I can imagine:
* checking different IP addresses
* checking IP addresses in different /24 (because in some universes
apparently that means a different network...)
* looking at WHOIS from the RIR to ensure different networks
* using traceroute and looking for diversity in the final N hops
* looking at the AS path in BGP and looking for diversity in the final
* using ping times to guess physical location to insure physical
* making sure that multiple cloud providers are used, to provide
resiliency for Dynpocalypse 2
Personally I think any and all of these as advisory checks is
potentially helpful both on delegation and periodically. Mandatory
checks... meh. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 833 bytes
Desc: OpenPGP digitale handtekening
More information about the dns-operations