Andrey G. Sergeev (AKA Andris) wrote:
Greetings,


Does the following setup violate any DNS RFCs, or is it in conflict with any best practices?

----------------------------------------------------------------------
[and...@strigidae ~]$ dig +nocmd +nocom +noque +nosta domain1.tld1. ns
domain1.tld1. 86400 IN NS ns1.domain1.tld1.
domain1.tld1. 86400 IN NS ns2.domain1.tld1.
domain1.tld1. 86400 IN NS ns1.domain2.tld2.
domain1.tld1. 86400 IN NS ns2.domain2.tld2.
domain1.tld1. 86400 IN NS ns1.domain3.tld3.
domain1.tld1. 86400 IN NS ns2.domain3.tld3.
ns1.domain1.tld1. 86400 IN A IP.Add.ress.1
ns2.domain1.tld1. 86400 IN A IP.Add.ress.2
^^^^^^^^^^^^^
ns1.domain2.tld2. 86400 IN A IP.Add.ress.3
^^^^^^^^^^^^^
ns2.domain2.tld2. 86400 IN A IP.Add.ress.4
ns1.domain3.tld3. 86400 IN A IP.Add.ress.2
^^^^^^^^^^^^^
ns2.domain3.tld3. 86400 IN A IP.Add.ress.3
^^^^^^^^^^^^^
----------------------------------------------------------------------

As we can see above, ns2.domain1.tld1 / ns1.domain3.tld3 are actually the same physical host with IP.Add.ress.2, and ns1.domain2.tld2 / ns2.domain3.tld3 are actually the same machine with IP.Add.ress.3.

The DNS standards only say that every zone must have at least 2 nameservers. That doesn't appear to be violated here. The fact that some of the nameservers have multiple names doesn't reduce the availability/robustness of the delegations (which is apparently the whole point of the rule); the only minor negative effect is that there is some confusion over where the PTR records should point. But even that is pretty much irrelevant, since doing a reverse lookup of an authoritative nameserver is not required by any standard, nor something that is done in the normal course of operation.

What are the benefits of this setup?
4 nameservers are cheaper than 6 (??)

- Kevin
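
Added example (not part of the original thread and not BIND code): a Python sketch that groups the NS names from the dig output above by shared address, so the number of distinct servers behind the delegation is visible. The function names are hypothetical, and it assumes, as the post states, that names sharing an address are the same host.

```python
from collections import defaultdict

# Added example; helper names are hypothetical. Records copied from the post's dig output.
SAMPLE = """\
domain1.tld1. 86400 IN NS ns1.domain1.tld1.
domain1.tld1. 86400 IN NS ns2.domain1.tld1.
domain1.tld1. 86400 IN NS ns1.domain2.tld2.
domain1.tld1. 86400 IN NS ns2.domain2.tld2.
domain1.tld1. 86400 IN NS ns1.domain3.tld3.
domain1.tld1. 86400 IN NS ns2.domain3.tld3.
ns1.domain1.tld1. 86400 IN A IP.Add.ress.1
ns2.domain1.tld1. 86400 IN A IP.Add.ress.2
ns1.domain2.tld2. 86400 IN A IP.Add.ress.3
ns2.domain2.tld2. 86400 IN A IP.Add.ress.4
ns1.domain3.tld3. 86400 IN A IP.Add.ress.2
ns2.domain3.tld3. 86400 IN A IP.Add.ress.3
"""

def parse_records(text):
    """Return (NS target names, {name: set of addresses}) from dig answer lines."""
    ns_names, addrs = [], defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != "IN":
            continue  # skips blank lines, shell prompts and ^^^^ marker lines
        if f[3] == "NS":
            ns_names.append(f[4].lower())
        elif f[3] in ("A", "AAAA"):
            addrs[f[0].lower()].add(f[4])  # addresses compared as opaque strings
    return ns_names, addrs

def server_groups(text):
    """Group NS names that share at least one address (assumed: same host)."""
    ns_names, addrs = parse_records(text)
    parent = {n: n for n in ns_names}  # union-find over NS names
    def find(n):
        while parent[n] != n:
            n = parent[n]
        return n
    first_seen = {}  # address -> first NS name seen with it
    for name in ns_names:
        for addr in addrs.get(name, ()):  # names without an address stay alone
            if addr in first_seen:
                parent[find(name)] = find(first_seen[addr])
            else:
                first_seen[addr] = name
    groups = defaultdict(list)
    for name in ns_names:
        groups[find(name)].append(name)
    return sorted(sorted(g) for g in groups.values())
```

Calling server_groups(SAMPLE) returns four groups for the six NS names, which is still above the two-nameserver minimum mentioned in the reply.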
