<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<div class="moz-cite-prefix">On 06-Nov-20 08:50, Reindl Harald
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:%3C4aceb66f-cee9-a3ad-5f61-69d587ddc2e8@thelounge.net%3E">
<br>
<br>
On 06.11.20 at 13:25, Tom J. Marcoen wrote:
<br>
<blockquote type="cite">First of all, sorry that I cannot reply
within the thread, I was not
<br>
yet a member of the mailing list when those emails were sent.
<br>
<br>
<blockquote type="cite">On Thu 15/Oct/2020 18:57:16 +0200 Jason
Long via bind-users wrote:
<br>
<blockquote type="cite">
<br>
Excuse me, I just have one server for DNS and that tutorial
is about secondary
<br>
DNS server too.
<br>
</blockquote>
<br>
Just skip the chapter about the secondary. You're better off
buying secondary
<br>
DNS services externally. A good secondary offloads your
server noticeably, and
<br>
keeps the domain alive in case of temporary failures.
<br>
<br>
Best
<br>
Ale
<br>
</blockquote>
<br>
Is it not a requirement to have at least two authoritative name
<br>
servers? I believe all TLDs require at least two name servers
but I
<br>
must be mistaken as no one pointed this out yet.
<br>
</blockquote>
<br>
yes, and "You're better off buying secondary DNS services
externally" doesn't say anything else
<br>
<br>
the point is that the two nameservers are required to be located
on two different ip-ranges anyways to minimize the risk that both
go down at the same time
<br>
<br>
</blockquote>
<p>Do a web search for "secondary dns provider" and "backup dns
provider". There are a number of them, some paid, some free.
Not all are equal - last time I looked, support for DNSSEC was
uncommon, especially among the free ones. IPv6 support has been
lagging, but improving. Also, if you use UPDATE, make sure the
service that you use supports NOTIFY. Some limit or charge
according to the number of queries, zones and/or names - but that
doesn't necessarily correlate with price. <br>
</p>
<p>Also look for minimum TTL restrictions - especially with free
services. <br>
</p>
<p>I use a free service that does support IPv6, DNSSEC &amp; NOTIFY
- and runs on BIND.</p>
<p>Often the external services provide better geographic diversity
than a small operation can - and have better internet
connections. <br>
</p>
<p>If you have the resources, you can also set up an agreement with a
similarly-situated organization for mutual secondary service - you
slave their zones &amp; they slave yours. This can work well -
often at no cost - especially if the resource demands are roughly
equal.</p>
<p>Other caveats: external services typically won't use hostnames in
your domain - or if you want that, will charge you for it. And if
you depend on views, external services will only work for external
views - you'll need to provide your own secondary servers for
internal-only views. <br>
</p>
<p>Finally, if performance matters and you have a dispersed user
base, look for a provider that has a solid infrastructure -
ANYCAST is one good clue. You'll almost always have to subscribe
to a paid service in these cases, especially with high query
rates.<br>
</p>
<p>RFC2182 (<a class="moz-txt-link-freetext" href="https://tools.ietf.org/html/rfc2182">https://tools.ietf.org/html/rfc2182</a>) is fairly readable
and describes many of the considerations involved in selecting
secondary DNS servers. <br>
</p>
<p>DNS appears deceptively simple at first blush. Setting up a
serviceable infrastructure requires an investment of thought and
on-going maintenance. You will not be happy if you skimp on that
investment, since broken DNS is externally visible - and
frequently catastrophic.<br>
</p>
<pre class="moz-signature" cols="72">Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
</pre>
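<p>Added example, not part of the original message: a small Python audit of a zone's authoritative server set against the points raised in this thread (servers on different IP ranges, IPv6 reachability, secondaries matching the primary's SOA serial, DNSSEC signatures actually served). The server names, addresses (documentation ranges) and serials are constructed, and the /24 and /48 granularity is an assumption.</p>

```python
import ipaddress

# Constructed sample data (not real servers): what an operator would record
# per authoritative server, e.g. from `dig +norec +dnssec SOA <zone> @<server>`.
SAMPLE_NS = [
    {"name": "ns1.example.net", "addrs": ["192.0.2.10", "2001:db8:1::53"],
     "serial": 2020110601, "rrsig": True},   # primary
    {"name": "ns2.example.net", "addrs": ["192.0.2.77"],
     "serial": 2020110501, "rrsig": False},  # external secondary
]


def network_of(addr):
    """Collapse an address to a coarse range: /24 for IPv4, /48 for IPv6 (assumed)."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def audit(servers):
    """Return (subject, finding) tuples; servers[0] is taken to be the primary."""
    findings = []
    primary = servers[0]
    if len(servers) < 2:
        findings.append(("zone", "fewer-than-two-servers"))
    # Diversity: every IPv4 address in one range means one outage takes out all.
    v4_nets = {network_of(a) for s in servers for a in s["addrs"]
               if ipaddress.ip_address(a).version == 4}
    if len(servers) > 1 and len(v4_nets) == 1:
        findings.append(("zone", "all-ipv4-in-one-/24"))
    for s in servers:
        if not any(ipaddress.ip_address(a).version == 6 for a in s["addrs"]):
            findings.append((s["name"], "no-ipv6"))
        # A short lag after an update is normal; a difference that persists
        # suggests NOTIFY or zone transfer to this server is not working.
        if s["serial"] != primary["serial"]:
            findings.append((s["name"], "serial-differs-from-primary"))
        # A signed zone served without signatures fails validation for resolvers.
        if primary["rrsig"] and not s["rrsig"]:
            findings.append((s["name"], "signed-zone-served-without-rrsig"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_NS):
        print(f"{subject}: {finding}")
```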
</body>
</html>