<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
On 07-Nov-20 14:06, Tom J. Marcoen wrote:<br>
<blockquote type="cite"
cite="mid:%3CCAJ-iVrP=BaEf9y=4biPshJ9etrNpCEBRyBCSwQAMAtaMySSaQQ@mail.gmail.com%3E">
<div dir="auto">Having at least two name servers is not a
requirement by the RFC standards but which TLD allows for only
one NS server to be given when you register a domain?</div>
<div dir="auto"><br>
</div>
<div>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sat, 7 Nov 2020 at 16:53,
Kevin A. McGrail &lt;<a href="mailto:kmcgrail@pccc.com"
moz-do-not-send="true">kmcgrail@pccc.com</a>&gt; wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">
<div>
<div>On 11/7/2020 10:15 AM, Reindl Harald wrote:<br>
</div>
<blockquote type="cite"><br>
<a href="https://tools.ietf.org/html/rfc1537"
target="_blank" moz-do-not-send="true">https://tools.ietf.org/html/rfc1537</a>
<br>
Common DNS Data File Configuration Errors <br>
<br>
6. Missing secondary servers <br>
<br>
> It is required that there be a least 2 nameservers
<br>
> for a domain. <br>
<br>
----------------------------- <br>
<br>
that above is common knowledge virtually forever and the
difference of "must" and "should" in IETF wordings is
also very clear </blockquote>
<p>While I agree this is common knowledge as a best
practice, this rfc is a memo NOT a standard from my
reading:<br>
</p>
<pre style="font-family:monospace"> This memo provides information for the Internet community. It does
not specify an Internet standard. Distribution of this memo is
unlimited.
Regards,
KAM
</pre>
</div>
<br>
</blockquote>
</div>
</div>
</blockquote>
<br>
<p>I'm amazed that this thread has persisted for so long on this
list of knowledgeable people.</p>
<p><a moz-do-not-send="true"
href="https://tools.ietf.org/html/rfc1034">RFC1034</a>, one of
the two foundational RFCs for the DNS:</p>
<p>P.18 in section 4.1 (NAME SERVERS => Introduction):</p>
<blockquote>A given zone will be available from several name servers
to insure its<br>
availability in spite of host or communication link failure. By<br>
administrative fiat, we require every zone to be available on at
least<br>
two servers, and many zones have more redundancy than that.<br>
</blockquote>
<p>In case the font is too small, the key phrase is:</p>
<p>"we require every zone to be available on at least two servers"</p>
<p>That's "REQUIRE" at least TWO SERVERS.</p>
<p><a href="https://tools.ietf.org/html/rfc1537" target="_blank">https://tools.ietf.org/html/rfc1537</a>
documents common misconfigurations - that is, cases of
non-conformance to the RFCs that the author encountered circa
1993. It was superseded in 1993 by RFC <a moz-do-not-send="true"
href="https://tools.ietf.org/html/rfc1912">1912</a>, where
section 2.8 starts with "You are required to have at least two
nameservers for every domain". Neither document supersedes
RFC1034; rather they attempt to help with interpreting it.<br>
</p>
<p><a moz-do-not-send="true"
href="https://www.iana.org/help/nameserver-requirements">https://www.iana.org/help/nameserver-requirements</a>
consolidates information from several RFCs, since the DNS has
evolved over time. It is not an RFC, but a convenient summary.
It primarily documents the tests performed by IANA when it
processes a delegation change to the root, .INT, and .ARPA zones.
These tests validate conformance to the RFCs. As the introduction
says, "These tests do not measure against best practices or
comprehensively measure protocol conformance. They are a practical
set of baseline requirements that catch common misconfiguration
errors that impact stable operations of the DNS."</p>
<p>Bottom line: two servers per zone are required by the DNS
architecture. It's not folklore. It's not optional.</p>
<p>It is true that the DNS is robust enough to function with a
number of misconfigurations (including just one server for a zone,
since in practice this is almost indistinguishable from transient
conditions.)</p>
<p>Nonetheless, the goal of the DNS architecture (and most of its
operators) is to have a stable and robust name service.
Misconfigurations, such as those documented in rfc1527, make the
DNS unstable and fragile. The architecture tends to contain the
effects of many misconfigurations, but that doesn't make them
wise.<br>
</p>
<p>As I noted earlier: "DNS appears deceptively simple at first
blush. Setting up a serviceable infrastructure requires an
investment of thought and on-going maintenance. You will not be
happy if you skimp on that investment, since broken DNS is
externally visible - and frequently catastrophic."</p>
<p>I'll finish with a 1987 quote from Leslie Lamport on distributed
systems, which the DNS most certainly is:</p>
<p>"A distributed system is one in which the failure of a computer
you didn't even know existed can render your own computer
unusable."<br>
</p>
<p>Can the quibbling stop now?<br>
</p>
<pre class="moz-signature" cols="72">Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
</pre>
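<p>An added example, not part of the original message or of any RFC or IANA tooling: a small offline check of the "at least two servers" requirement discussed above, run over constructed delegation records. Treating NS names that all share one address as a single server is an assumption of this example, and the zone names and addresses are made up.</p>

```python
from collections import defaultdict

# Constructed sample data (not from the thread): "owner type rdata" records
# as they might appear in delegation plus address data.
SAMPLE = """
example.org.        NS  ns1.example.org.
example.org.        NS  ns2.example.net.
ns1.example.org.    A   192.0.2.1
ns2.example.net.    A   198.51.100.7
single.example.     NS  ns.single.example.   ; one server only
ns.single.example.  A   192.0.2.53
alias.example.      NS  ns-a.alias.example.
alias.example.      NS  ns-b.alias.example.
ns-a.alias.example. A   203.0.113.9
ns-b.alias.example. A   203.0.113.9
"""

def parse(text):
    """Return (zone -> set of NS names, host -> set of addresses)."""
    ns, addrs = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip comments, tokenize
        if len(fields) != 3:
            continue
        owner, rtype, rdata = fields[0].lower(), fields[1].upper(), fields[2].lower()
        if rtype == "NS":
            ns[owner].add(rdata)
        elif rtype in ("A", "AAAA"):
            addrs[owner].add(rdata)
    return ns, addrs

def check_zones(text, minimum=2):
    """Map each zone to a list of findings; an empty list means it passes."""
    ns, addrs = parse(text)
    report = {}
    for zone, servers in ns.items():
        findings = []
        if len(servers) < minimum:
            findings.append(f"{len(servers)} NS record(s), need {minimum}")
        # Two NS names on one address are still one server. Only judge this
        # when address data is present for every listed name server.
        known = [addrs[s] for s in servers if s in addrs]
        distinct = set().union(*known)
        if len(known) == len(servers) and len(distinct) < minimum:
            findings.append(f"{len(distinct)} distinct server address(es), need {minimum}")
        report[zone] = findings
    return report
```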
</body>
</html>