Domain Not Resolving
Ray Bellis
ray at isc.org
Wed Nov 22 14:02:14 UTC 2017
On 21/11/2017 17:30, Reindl Harald wrote:
> because of https://www.iana.org/help/nameserver-requirements and he
> should not have allowed this setup at all because "Minimum number of
> name servers - There must be at least two NS records listed in a
> delegation, and the hosts must not resolve to the same IP address"
>
> and the next paragraph makes it clear that even a second machine in the
> same subnet is not enough for obvious reasons
>
> Network diversity
> The name servers must be in at least two topologically separate
> networks. A network is defined as an origin autonomous system in the BGP
> routing table. The requirement is assessed through inspection of views
> of the BGP routing table
Those requirements are the ones that apply to delegations in the root zone.
As it is, the topology test is broken because it doesn't account for an
Anycast configuration where multiple sites share the same origin ASN
even though they're connected via completely different AS paths.
Ray
More information about the bind-users
mailing list