[dns-operations] auth servers in different TLDs
klaus.mailinglists at pernau.at
Fri May 4 21:23:25 UTC 2018
As mentioned by others, there are various pros and cons. Here is my view.
Am 17.04.2018 um 06:23 schrieb Yonghua Peng:
> I saw some domains who have auth name servers in different TLDs.
> such as,
> ;; ANSWER SECTION:
> gmx.net. 84558 IN NS ns-gmx.ui-dns.de.
> gmx.net. 84558 IN NS ns-gmx.ui-dns.biz.
> gmx.net. 84558 IN NS ns-gmx.ui-dns.com.
> gmx.net. 84558 IN NS ns-gmx.ui-dns.org.
This makes sense. There is a "DNS provider" "ui-dns" which probably
hosts many domains from various TLDs. In this concrete example, the
domain is a .net domain, but all nameservers are within other domains.
Hence, no glue records are used at all. Here it is an advantage, as if
for example all nameservers would be within a single TLD, you have a
second single point of failure (the first, non avaoidable, single point
of failure is the .net TLD).
> easydns.com. 600 IN NS dns4.easydns.info.
> easydns.com. 600 IN NS dns1.easydns.com.
> easydns.com. 600 IN NS dns2.easydns.net.
> easydns.com. 600 IN NS dns3.easydns.org.
In this case, it is not clearly an advantage. The "DNS provider" hosts
its own domain. If it would use dns.easydns.com it would benefit
of glue records for all nameservers. Glue records improves the
performance (on first lookups) and there is no need to rely on other
domains, because if .com is down, it would not work anyways, and if .com
is not down, everything works perfect.
It may even worse resolving as it introduces resolver-loops. Eg. the
resolver asks for easydns.com and gets redirected to one of the above
nameservers. If the resolver's algorithm is bad, it may choose the first
nameserver, ie dns4.easydns.info. Hence, the resolver will ask for this
nameserver and will receive as answer:
easydns.info. 86400 IN NS dns2.easydns.net.
easydns.info. 86400 IN NS dns3.easydns.org.
easydns.info. 86400 IN NS dns1.easydns.com.
easydns.info. 86400 IN NS dns4.easydns.info.
Choosing again the first nameserver it will ask for dns2.easydns.net and
again receiving an answer like this:
easydns.net. 172800 IN NS dns3.easydns.org.
easydns.net. 172800 IN NS dns1.easydns.com.
easydns.net. 172800 IN NS dns2.easydns.net.
easydns.net. 172800 IN NS dns4.easydns.info.
Hence, they rely on resolvers to be smart enough to ignore the loops.
Smart means: using the nameserver with glue record provided. Hence, the
other nameservers in other domains, refering to again the other domains
may be useless.
I guess the reason why the are nevertheless using nameservers in
different domains is: they just want to use the same setup as for all
their customer domains.
And in the end, both versions may work.
More information about the dns-operations