[dns-operations] auth servers in different TLDs

Warren Kumari warren at kumari.net
Tue Apr 17 13:32:51 UTC 2018


What is a "best" practice is often disputed, but this is a well-known
pattern -- it means that you are not "putting all of your eggs in one
basket"[0] / are spreading your risk (you are not relying on a single
or small number of TLDs to be up and working).
Of course, much of this added redundancy is lost in this case because
all of the NS records ns-gmx.ui-dns.(biz|com|de|org) are in a single
route announcement (217.160.80.0/22).

Some people also claim that it improves privacy by not having a single
TLD operator see "all" of the queries for gmx.net. Others claim that
it decreases privacy because now more TLD operators can each see a
bit....

W
[0]: Idiom: https://dictionary.cambridge.org/us/dictionary/english/put-all-your-eggs-in-one-basket

On Tue, Apr 17, 2018 at 12:23 AM, Yonghua Peng <ypeng at gmx.net> wrote:
> I saw some domains that have auth name servers in different TLDs,
> such as:
>
> ;; ANSWER SECTION:
> gmx.net.                84558   IN      NS      ns-gmx.ui-dns.de.
> gmx.net.                84558   IN      NS      ns-gmx.ui-dns.biz.
> gmx.net.                84558   IN      NS      ns-gmx.ui-dns.com.
> gmx.net.                84558   IN      NS      ns-gmx.ui-dns.org.
>
> ;; ADDITIONAL SECTION:
> ns-gmx.ui-dns.biz.      163883  IN      A       217.160.81.199
> ns-gmx.ui-dns.com.      258650  IN      A       217.160.82.199
> ns-gmx.ui-dns.de.       163237  IN      A       217.160.80.199
> ns-gmx.ui-dns.org.      163744  IN      A       217.160.83.199
>
> And this,
>
> easydns.com.            600     IN      NS      dns4.easydns.info.
> easydns.com.            600     IN      NS      dns1.easydns.com.
> easydns.com.            600     IN      NS      dns2.easydns.net.
> easydns.com.            600     IN      NS      dns3.easydns.org.
>
> Is this a best practice for hosting a domain?
>
> Thank you.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
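
The check described in the reply above (NS names spread over four TLDs, addresses all inside one announcement), as an added example that is not part of the original thread. The NS names, glue addresses and the /22 are taken from the messages; the function names and the idea of passing the announced prefixes in as a list are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# NS names and glue addresses copied from the dig output quoted in the thread.
GMX_NS = {
    "ns-gmx.ui-dns.biz.": "217.160.81.199",
    "ns-gmx.ui-dns.com.": "217.160.82.199",
    "ns-gmx.ui-dns.de.": "217.160.80.199",
    "ns-gmx.ui-dns.org.": "217.160.83.199",
}
# The single announcement named in the reply. Assumption: a real audit would
# load the prefixes from a BGP table dump obtained separately.
ANNOUNCED = ["217.160.80.0/22"]


def tld_of(name):
    """Rightmost label of a fully qualified name, lowercased."""
    return name.rstrip(".").rsplit(".", 1)[-1].lower()


def covering_route(addr, routes):
    """Longest-prefix match of addr against routes; None if nothing covers it."""
    ip = ipaddress.ip_address(addr)
    matches = [n for n in routes if n.version == ip.version and ip in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)


def audit(ns_glue, announced):
    """Group name servers by TLD and by the route that carries their address."""
    routes = [ipaddress.ip_network(p) for p in announced]
    by_tld, by_route = defaultdict(list), defaultdict(list)
    for name, addr in sorted(ns_glue.items()):
        by_tld[tld_of(name)].append(name)
        route = covering_route(addr, routes)
        by_route[str(route) if route else "unrouted"].append(name)
    return {
        "tlds": sorted(by_tld),
        "routes": dict(by_route),
        # True when every server depends on the same announcement.
        "single_route": len(by_route) == 1 and "unrouted" not in by_route,
    }


if __name__ == "__main__":
    report = audit(GMX_NS, ANNOUNCED)
    print("TLDs:", ", ".join(report["tlds"]))
    for route, servers in report["routes"].items():
        print(route, "->", len(servers), "name servers")
    print("all behind one announcement:", report["single_route"])
```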


