Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: QWest is having some pretty nice DNS issues right now

  • From: Simon Waters
  • Date: Mon Jan 09 03:34:40 2006

On Saturday 07 Jan 2006 02:54, you wrote:
>
> While it's tempting to make fun of Qwest here, variations on this theme -

I'll happily make fun of them. If the authoritative DNS servers were in the 
same logical network, even if one was in Washington, and one in California, 
they'd deserve it.

Used to do basic audit networks for end user companies (and one small ISP who 
bought the service), this was a standard checklist item. Literally are the 
authoritative name servers on different logical networks. GX networks did it. 
Demon Internet did it, we do it for our own hosting despite being a 
relatively small company, I'm sure most of NANOG readership are careful to do 
this.

I think the comments on anycast are misplaced, most big ISPs use it, or 
similar, for internal recursive resolvers, but I don't think it is that 
crucial for authoritative servers. Of course placing all your authoritative 
nameservers in the same anycast group is one of the things I've complained 
about here before (not mentioning any TLD by name since they seem to have 
learnt from that one), so of itself anycast doesn't avoid the issue. You can 
make the same mistake in many different systems.

Also some scope for longer TTL at Qwest, although I can't throw any stones as 
we have been busy migrating stuff to new addresses and using very short TTLs 
ourselves at the moment. But we'll be back to 86400 seconds just as soon as I 
finish the migration work.

I do agree the management issues with DNS are far harder, and here longer TTLs 
are a double-edged sword. But it is hard to design a system where the 
mistakes don't propagate to every DNS server, although some of the common 
tools do make it easier to check things are okay before updates are unleashed.

I think there is scope for saying the DNS TTLs should be related (and greater 
than) the time it takes to get clue onto any DNS problem.
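
Added example, not part of the original post: one way to automate the checklist item described above, whether a zone's authoritative name servers sit on different logical networks. It assumes "logical network" means the covering routed prefix and its origin AS; the zone names, addresses, routes and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, private-use ASNs).
# In practice the routes would come from a BGP table dump and the addresses
# from resolving each NS record of the zone being audited.
ROUTES = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64500,
    "203.0.113.0/24": 64501,
}
ZONES = {
    "single-prefix.example": {"ns1": "192.0.2.10", "ns2": "192.0.2.200"},
    "single-as.example": {"ns1": "192.0.2.10", "ns2": "198.51.100.10"},
    "diverse.example": {"ns1": "192.0.2.10", "ns2": "203.0.113.10"},
}

def covering_route(addr, routes):
    """Longest-prefix match: return (prefix, origin_as) or (None, None)."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, origin in routes.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, origin)
    return (str(best[0]), best[1]) if best else (None, None)

def audit_zone(nameservers, routes):
    """Classify NS placement: same-prefix, same-as, diverse or unrouted."""
    prefixes, origins = set(), set()
    for addr in nameservers.values():
        prefix, origin = covering_route(addr, routes)
        if prefix is None:
            return "unrouted"  # no covering route, cannot judge diversity
        prefixes.add(prefix)
        origins.add(origin)
    if len(prefixes) == 1:
        return "same-prefix"  # also the result when every NS shares one anycast prefix
    if len(origins) == 1:
        return "same-as"      # separate prefixes, but one routing domain
    return "diverse"

if __name__ == "__main__":
    for zone, ns in ZONES.items():
        print(f"{zone}: {audit_zone(ns, ROUTES)}")
```

Geographic separation does not enter into the result: two servers in different cities still report "same-prefix" if one route covers both.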



