<div dir="auto">Thank you for your valuable feedback. It is much appreciated.</div><div dir="auto"><br></div><div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 20 Nov 2020 at 19:37, Reindl Harald <<a href="mailto:h.reindl@thelounge.net">h.reindl@thelounge.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">
<div>
<p><br>
</p>
<div>Am 08.11.20 um 14:44 schrieb Timothe
Litt:<br>
</div>
<blockquote type="cite">
<br>
<p>I'm amazed that this thread has persisted for so long on this
list of knowledgeable people</p>
</blockquote>
<p><br>
me too, i would understand that on the spamassassin list but not
here and what i *really* don't understand is jumping into the
thread with "I just wanted to comment that there is no requirement
to run a secondary DNS server"<br>
<br>
even if it would not be a requirement (but it is) it's common
sense not to contradict best practices everyone running critical
services is following<br>
<br>
there are enough beginners which don't follow best practices
anyways, no need to encourage them<br>
</p>
<blockquote type="cite">
<p><a href="https://tools.ietf.org/html/rfc1034" target="_blank">RFC1034</a>, one of
the two foundational RFCs for the DNS:</p>
<p>P.18 in section 4.1 (NAME SERVERS => Introduction):</p>
<blockquote>A given zone will be available from several name
servers to insure its<br>
availability in spite of host or communication link failure. By<br>
administrative fiat, we require every zone to be available on at
least<br>
two servers, and many zones have more redundancy than that.<br>
</blockquote>
<p>In case the font is too small, the key phrase is:</p>
<p>"we require every zone to be available on at least two servers"</p>
<p>That's "REQUIRE" at least TWO SERVERS</p>
</blockquote>
<p>i heard of registries whcih require even 3 and when they say they
require it means you have them or you can't register a domain, no
RFC needed to begin with<br>
<br>
</p>
<blockquote type="cite">
<p><a href="https://tools.ietf.org/html/rfc1537" target="_blank">https://tools.ietf.org/html/rfc1537</a>
documents common misconfigurations - that is, cases of
non-conformance to the RFCs that the author encountered circa
1993. It was superseded in 1993 by RFC <a href="https://tools.ietf.org/html/rfc1912" target="_blank">1912</a>, where
section 2.8 starts with "You are required to have at least two
nameservers for every domain". Neither document supersedes
RFC1034; rather they attempt to help with interpreting it.<br>
</p>
<p><a href="https://www.iana.org/help/nameserver-requirements" target="_blank">https://www.iana.org/help/nameserver-requirements</a>
consolidates information from several RFCs, since the DNS has
evolved over time. It is not an RFC, but a convenient summary.
It primarily documents the tests performed by IANA when it
processes a delegation change to the root, .INT, and .ARPA
zones. These tests validate conformance to the RFCs. As the
introduction says, "These tests do not measure against best
practices or comprehensively measure protocol conformance. They
are a practical set of baseline requirements that catch common
misconfiguration errors that impact stable operations of the
DNS."</p>
<p>Bottom line: two servers per zone are required by the DNS
architecture. It's not folklore. It's not optional.</p>
</blockquote>
<p>yes<br>
</p>
<blockquote type="cite">
<p>It is true that the DNS is robust enough to function with a
number of misconfigurations (including just one server for a
zone, since in practice this is almost indistinguishable from
transient conditions.)</p>
<p>Nonetheless, the goal of the DNS architecture (and most of its
operators) is to have a stable and robust name service.
Misconfigurations, such as those documented in rfc1527, make the
DNS unstable and fragile. The architecture tends to contain the
effects of many misconfigurations, but that doesn't make them
wise.<br>
</p>
<p>As I noted earlier: "DNS appears deceptively simple at first
blush. Setting up a serviceable infrastructure requires an
investment of thought and on-going maintenance. You will not be
happy if you skimp on that investment, since broken DNS is
externally visible - and frequently catastrophic."</p>
<p>I'll finish with a 1987 quote from Leslie Lamport on
distributed systems, which the DNS most certainly is:</p>
<p>"A distributed system is one in which the failure of a computer
you didn't even know existed can render your own computer
unusable."<br>
</p>
<p>Can the quibbling stop now?</p>
</blockquote>
<br>
thank you<br>
</div>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div></div>