[dns-operations] auth servers in different TLDs
Bob Harold
rharolde at umich.edu
Tue Apr 17 13:46:01 UTC 2018
On Tue, Apr 17, 2018 at 12:23 AM, Yonghua Peng <ypeng at gmx.net> wrote:
> I saw some domains that have auth name servers in different TLDs.
> such as,
>
> ;; ANSWER SECTION:
> gmx.net. 84558 IN NS ns-gmx.ui-dns.de.
> gmx.net. 84558 IN NS ns-gmx.ui-dns.biz.
> gmx.net. 84558 IN NS ns-gmx.ui-dns.com.
> gmx.net. 84558 IN NS ns-gmx.ui-dns.org.
>
> ;; ADDITIONAL SECTION:
> ns-gmx.ui-dns.biz. 163883 IN A 217.160.81.199
> ns-gmx.ui-dns.com. 258650 IN A 217.160.82.199
> ns-gmx.ui-dns.de. 163237 IN A 217.160.80.199
> ns-gmx.ui-dns.org. 163744 IN A 217.160.83.199
>
> And this,
>
> easydns.com. 600 IN NS dns4.easydns.info.
> easydns.com. 600 IN NS dns1.easydns.com.
> easydns.com. 600 IN NS dns2.easydns.net.
> easydns.com. 600 IN NS dns3.easydns.org.
>
> Is this a best practice for hosting a domain?
>
> Thank you.
>
>
If I am wrong, hopefully someone will correct me.

If your domain is under ".com", then it won't be reachable if all the .com
NS servers are unreachable, even if you have NS servers in other TLD's,
because resolvers won't be able to query the parent zone. Except for short
outages while the parent zone info is cached. So I don't think it really
helps much.

On the other hand, anyone who compromises any of the TLD's that you use for
NS records would be able to compromise your domain, so it could be a
disadvantage to use several TLD's.

The one benefit would be that using more TLD's means a larger pool of
anycast servers that hold the parent zones of your NS servers.

I think that it is probably best not to use multiple TLD's, but it is a
tradeoff.
--
Bob Harold
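
An added example, not part of the original message and not written by either poster: a short Python audit that takes the NS records quoted above and lists which TLD zones each domain's delegation depends on, separating the domain's own TLD from the extra TLDs introduced by its name server names. The function names are illustrative, and treating the last label as the TLD is an assumption.

```python
# Added example: list the TLD zones a domain's delegation depends on.
# The NS records are copied from the dig output quoted in the message above.
DIG_OUTPUT = """\
gmx.net. 84558 IN NS ns-gmx.ui-dns.de.
gmx.net. 84558 IN NS ns-gmx.ui-dns.biz.
gmx.net. 84558 IN NS ns-gmx.ui-dns.com.
gmx.net. 84558 IN NS ns-gmx.ui-dns.org.
easydns.com. 600 IN NS dns4.easydns.info.
easydns.com. 600 IN NS dns1.easydns.com.
easydns.com. 600 IN NS dns2.easydns.net.
easydns.com. 600 IN NS dns3.easydns.org.
"""

def tld(name):
    """Return the last label of a name (assumption: multi-label public
    suffixes such as co.uk are not handled)."""
    return name.rstrip(".").lower().rsplit(".", 1)[-1]

def parse_ns(text):
    """Parse dig-style 'owner ttl IN NS target' lines into {owner: [targets]}."""
    zones = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[2].upper() == "IN" and f[3].upper() == "NS":
            zones.setdefault(f[0].lower(), []).append(f[4].lower())
    return zones

def tld_dependencies(owner, targets):
    """Split the TLDs a delegation touches into the domain's own TLD and
    the extra ones that appear only because of the name server names."""
    own = tld(owner)
    ns_tlds = sorted({tld(t) for t in targets})
    suffix = "." + owner.rstrip(".")
    return {
        "own_tld": own,                                   # always required
        "ns_tlds": ns_tlds,                               # parents of the NS names
        "extra_tlds": [t for t in ns_tlds if t != own],   # added dependencies
        "in_bailiwick": [t for t in targets if t.rstrip(".").endswith(suffix)],
    }

def audit(text):
    return {o: tld_dependencies(o, ts) for o, ts in parse_ns(text).items()}

if __name__ == "__main__":
    for owner, dep in audit(DIG_OUTPUT).items():
        print(f"{owner} own TLD: {dep['own_tld']}, extra TLDs: {dep['extra_tlds']}, "
              f"in-bailiwick NS: {dep['in_bailiwick']}")
```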