Why does INTERNIC require two nameservers?

Jay Nugent jjn at home.nuge.com
Sun Sep 17 19:59:53 UTC 2000 

Greetings,

On Sun, 17 Sep 2000, Mark Drummond wrote:

> 
> "Olivier M." wrote:
> > 
> > Yes that is right. But some registrar (.at or .de, I don't remember)
> > requires nameservers on two _different_ C classes.
> 
> This is absolutely silly ... registries that require this do so on the
> premise that the second one can take over if the first is dead. But why
> not just have 2 nameservers on your own net? If one goes down, the other
> takes over anyway regardless of it's physical location.

   I suspect that this requirement had a lot to do with older ethernets
(10Base2 thinnet) that used coax.  Lose a terminator, have a bad cable, a
bad connector, a jammed ethernet card, or just a loose connection ANYWHERE
on that collision domain and the WHOLE SEGEMENT was DOWN.  Two nameservers
on the same segment go down TOGETHER.  So it was resonable and diligent to
place nameservers on DIFFERENT segments.  Yes, this requirement is not
neccessary with 10/100BaseT (twisted pair) but ONLY because the coax
problems have been resolved.  However, you STILL have single point of
failure problems with 10/100BaseT that will take both nameservers out of
service, namely the hub.  Lose power or have the hub die and the same
problems results.  Anybody here have a hub lose power?  C'mon, be honest
;-)

   Either way I personnaly consider it very poor engineering to place
nameservers (that back one another) in a situation where there is a single
point of failure.  The owner is just not thinking, plain and simple. No
thought towards redundancy, disaster survivablity, accidents, etc... But
then, he *may* not need it.  It all depends on his business needs...

   Now, consider this scenario.  You are an ISP and your only upstream
connection fails.  Your nameservers are still chugging along quite nicely
but the outside world can't see them.  Customers/Clients can't reach you
because they can't resolve you.  Okay fine you say, so if I'm down anyway
so what difference would it make if they can't resolve me?

   Well let's see: 
--- If just one of your nameservers was OUTSIDE your network the rest of
the world could still resolve you, could still be able to traceroute up to
the point of failure and now know WHY you were unreachable.  Good
information to have when troubleshooting outages and it looks alot better
and more professional.

--- Mail servers can still resolve you.  Now instead of logging you as
"Host cannot be resolved" they will see that your SMTP server is
unreachable and will simply stick the email destined for your site back
into the mqueue and try again at the next interval.

   In my network I have one nameserver that is reachable on ALL my subnets
(multiple interfaces) here in Ann Arbor, Michigan.  While I have my
Slave/Secondary located in Fremont, Ohio.  Two DRASTICALLY diverse
networks, one off Level-3 the other off AlterNet.  Tornados, earthquakes,
floods, fires, equipment failures, human errors, or just simple backbone
outages don't take my name resolution down :-) 

   So, generally it is good engineering to have a namserver off-site from
your network, especially if you are an ISP or service provider.  Small
businesses, or companies that do not need to be reached by the outside
world may not have as much need for this requirement.  But I think it
still boils down to what YOU want to do.  And I don't think that the
Registrar show force you into doing anything.

 
      --- Jay
             
             /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/~~\
            |  Jay Nugent                 jjn at nuge.com |____|
            |  Nugent Telecommunications  www.nuge.com |
            |  Web-Pegasus          www.webpegasus.com |
            |  ISP Monitoring       www.ispmonitor.net |
            |  LinuxNIC, Inc.       www.linuxnic.net   |
            |  (734)971-1076        (734)971-4529 /Fax |
            |  (734)649-0850/cell                      |
            |                                          |
            | ISP & Modem Performance Monitoring Svcs. |
            | Discount Reseller of 123.Net ISP Services|
            | Internet Consulting / Linux SysAdmin     |
            | Web Hosting / DNS Hosting / Shell Accts. |
            | Embedded Controllers / Engr. & Design    |
            | Registrar of the .linux TLD              |
         /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/   |
         \_________________________________________\__/

  3:00pm  up 129 days, 21:13,  6 users,  load average: 0.11, 0.08, 0.08

More information about the bind-users mailing list