Comment by belorn
19 hours ago
I am reminded of the warning that zonemaster gives about putting your domain name servers on a single AS, as is common practice for many larger providers. A lot of people do not want others to see this as a problem since a single AS is a convenient configuration for routing, but it has the downside of being a single point of failure.
Building redundant infrastructure that can withstand BGP and DNS configuration mistakes is not that simple, but it can be done.
It's simple enough to get a secondary DNS server somewhere and put it on a $5/month VPS. I use BIND, and DNS replication (AXFR/IXFR) handles it.
Have you ANY clue about the size of .DE's name server infrastructure?
Are you following the thread? We're talking about redundancy for a single domain here.
2 replies →
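The secondary-server setup described in the comment above, written out as an added example (not configuration from any commenter): a BIND 9 primary at one provider and an authoritative-only secondary at another, replicating the zone over TSIG-authenticated AXFR/IXFR. All names and addresses are assumed for illustration: `example.com` as the zone, the RFC 5737 documentation addresses `192.0.2.10` (primary) and `198.51.100.20` (secondary), and `xfer-key` as the TSIG key name; the secret is a placeholder to be replaced with the output of `tsig-keygen`.

```conf
#
# Shared on both servers: one TSIG key for zone transfers.
# Generate the real block with:  tsig-keygen xfer-key
# (the secret must be base64; the value below is a placeholder)
#
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_OUTPUT_OF_tsig-keygen";
};

# ---------------------------------------------------------------
# named.conf on the PRIMARY (192.0.2.10, provider/AS number one)
# ---------------------------------------------------------------
zone "example.com" {
    type primary;                     # "type master" on BIND < 9.16
    file "/var/named/example.com.zone";

    # Only a holder of the TSIG key may pull the zone; no unauthenticated AXFR.
    allow-transfer { key "xfer-key"; };

    # Push NOTIFY to the secondary so it refreshes immediately after a change
    # instead of waiting for the SOA refresh timer.
    also-notify { 198.51.100.20; };
    notify explicit;                  # notify only the also-notify list
};

# ---------------------------------------------------------------
# named.conf on the SECONDARY (198.51.100.20, provider/AS number two)
# ---------------------------------------------------------------
server 192.0.2.10 {
    keys { "xfer-key"; };             # sign every message sent to the primary
};

zone "example.com" {
    type secondary;                   # "type slave" on BIND < 9.16
    primaries { 192.0.2.10 key "xfer-key"; };   # "masters" on BIND < 9.16
    file "/var/named/secondaries/example.com.zone";

    # The secondary serves the zone but is not a transfer source for anyone,
    # and only accepts NOTIFY from the real primary.
    allow-transfer { none; };
    allow-notify { 192.0.2.10; };
};

# ---------------------------------------------------------------
# SOA record in /var/named/example.com.zone on the primary.
# The timers decide how the secondary behaves when the primary is unreachable:
# it keeps answering until EXPIRE elapses, so that value is the real
# "survive a primary outage" budget.
# ---------------------------------------------------------------
; $ORIGIN example.com.
; @  IN SOA ns1.example.com. hostmaster.example.com. (
;        2024010101 ; serial: bump on every change, or IXFR/NOTIFY will not fire
;        3600       ; refresh: secondary polls SOA this often if no NOTIFY arrives
;        900        ; retry: interval between failed refresh attempts
;        1209600    ; expire: 14 days before the secondary stops serving stale data
;        300 )      ; negative-caching TTL
;    IN NS ns1.example.com.
;    IN NS ns2.example.com.   ; the secondary must be listed here AND at the registry
```

To confirm replication is working from outside, compare the SOA serial both servers return (`dig @192.0.2.10 example.com SOA +norecurse` versus `dig @198.51.100.20 example.com SOA +norecurse`); they should match shortly after each change. A transfer attempt without the key (`dig @192.0.2.10 example.com AXFR`) should be refused, which is the check that the `allow-transfer` ACL is actually in effect. Note that the secondary only provides the redundancy the thread is discussing if the registry's delegation also lists it, so the NS set at the registrar has to include both hosts.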
As the CPU/RAM resources to run an authoritative-only slave nameserver for a few domains are extremely minimal (mine run at a unix load of 0.01), it's a very wise idea to put your ns3 or something at a totally different service provider on another continent. It costs less than a cup of coffee per month.
For a very long time, the computer club I was in operated a DNS server on a Pentium 75MHz and after the last major hardware upgrade it had a total of 110MB RAM memory and 2G disk space. It worked great except that before the upgrade it tended to run out of ram whenever there was a Linux kernel update, a problem we solved forever by populating all the ram slots with the maximum that the motherboard could handle to that nice 110 MB.
Did you populate the motherboard with the most it could handle, or the most you could assemble from a box of assorted sticks?
Otherwise, 110MB would hint at a fascinating engineering culture at the motherboard manufacturer.
This makes sense for larger providers, but for a small/personal website there are literally zero advantages to having distributed authoritative DNS servers when the webserver is on a single host.
Ironically, denic still requires you to have two separate name servers with different IPs for your domain (which can be worked around by changing the IP of the registered name server afterwards lol), a requirement that all other registries I use have dropped or never had because enforcing such a policy at the registry level makes zero sense.
For a domain owned by someone in North America, it costs me literally $1.50 a month to have an authoritative only ns3 in Europe on a totally different ISP.
It depends. Do you also have email or other services for that domain? The advantage is your email doesn't start bouncing when your single host web site / DNS server is down.
1 reply →
On Google cloud it's always four nameservers like
Would not make any sense to do four of them if it's a single AZ. Also, they are geo-aware and routed to your nearest region.
Are you conflating autonomous system (AS) with availability zone (AZ)?
Uhh, you're right, I totally did. Now I see the parent's point, thank you.