[dns-operations] auth servers in different TLDs

Rubens Kuhl rubensk at nic.br
Tue Apr 17 15:07:16 UTC 2018 

It goes somewhat further than different TLDs: those are different domains with possibly different expiration dates. So if someone s* up forgetting to renew one of those, the others are still up. If for some reason a registry or registrar takes down one of the domains, the others will still be up.
The con is that now there are 4 TLDs and possible 8 different parties (counting registry and registrar) where someone can compromise your zone pointing to somewhere else.

So there is gain in mishap protection, but there is loss in malicious intent protection. Choose your pain.

Rubens


> Em 17 de abr de 2018, à(s) 01:23:000, Yonghua Peng <ypeng at gmx.net> escreveu:
> 
> I saw some domains who have auth name servers in different TLDs.
> such as,
> 
> ;; ANSWER SECTION:
> gmx.net.                84558   IN      NS      ns-gmx.ui-dns.de.
> gmx.net.                84558   IN      NS      ns-gmx.ui-dns.biz.
> gmx.net.                84558   IN      NS      ns-gmx.ui-dns.com.
> gmx.net.                84558   IN      NS      ns-gmx.ui-dns.org.
> 
> ;; ADDITIONAL SECTION:
> ns-gmx.ui-dns.biz.      163883  IN      A       217.160.81.199
> ns-gmx.ui-dns.com.      258650  IN      A       217.160.82.199
> ns-gmx.ui-dns.de.       163237  IN      A       217.160.80.199
> ns-gmx.ui-dns.org.      163744  IN      A       217.160.83.199
> 
> And this,
> 
> easydns.com.            600     IN      NS      dns4.easydns.info.
> easydns.com.            600     IN      NS      dns1.easydns.com.
> easydns.com.            600     IN      NS      dns2.easydns.net.
> easydns.com.            600     IN      NS      dns3.easydns.org.
> 
> Is this best practices for hosting a domain?
> 
> Thank you.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 528 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20180417/b4571807/attachment.sig>

More information about the dns-operations mailing list