nanog mailing list archives

Re: QWest is having some pretty nice DNS issues right now

From: Simon Waters <simonw () zynet net>
Date: Tue, 10 Jan 2006 09:12:55 +0000


On Monday 09 Jan 2006 21:26, Christopher L. Morrow wrote:

On Mon, 9 Jan 2006, Randy Bush wrote:

It seems like maybe that is all too common. Are the 'best practices'
documented for Authoritative DNS somewhere central?


yes, yes.. people who care (a lot) have read this I'm sure... I was aiming
a little lower :) like folks that have enterprise networks :) Or, maybe
even registrars offering 'authoritative dns services' like say 'worldnic'
who had most of their DNS complex shot in the head for 3 straight days :(


It is the old story of ignorance and cost, plus with DNS a "perceived loss of 
control".

In the UK many domains are registered with a couple of the cheapest providers, 
who do not do off network DNS, and in the past one offered non-RFC compliant 
mail forwarding as a bonus. I've seen people switch the DNS part of a hosting 
arrangement to these guys to save about 10 USD a year. Of course people 
competing at those sort of price levels offer practically no service 
component, so even if nothing dreadful happens it still turns into a false 
economy.

It reminds me of the firewall market, when the average punter had no idea how 
to assess the "security" aspects of a firewall, and so firewall vendors ended 
up pushing throughput, and price, as the major selling points. I know people 
who bought firewalls capable of handling 160Mbps of traffic, who still have 
it filtering a 2Mbps Internet connection, badly.

By and large the big ISPs do a good job with DNS, the end users do a terrible 
job. I think once you get to the size where you need a person (or team) doing 
DNS work fulltime, it probably gets a lot easier to do it right.

Perhaps I should dust off my report on the quality of DNS configurations in 
the South West of England, and turn it into a buyers guide?

That said I don't think doing DNS right is easy. I know pretty much exactly 
what my current employer is doing wrong, but these failures to conform to 
best practice aren't as much of a priority as the other things we are doing 
wrong. At least in our case it is done with knowledge of what can (and likely 
will eventually) go wrong.

Current thread:

Re: QWest is having some pretty nice DNS issues right now, (continued)
- - - Re: QWest is having some pretty nice DNS issues right now Andy Davidson (Jan 08)
    - Re: QWest is having some pretty nice DNS issues right now Martin Hannigan (Jan 08)
    - Re: QWest is having some pretty nice DNS issues right now Simon Waters (Jan 09)
    - Re: QWest is having some pretty nice DNS issues right now Christopher L. Morrow (Jan 09)
    - Re: QWest is having some pretty nice DNS issues right now bmanning (Jan 09)
    - Re: QWest is having some pretty nice DNS issues right now Valdis . Kletnieks (Jan 09)
    - Message not available
    - Re: QWest is having some pretty nice DNS issues right now Christopher L. Morrow (Jan 09)
    - Re: QWest is having some pretty nice DNS issues right now Michael Loftis (Jan 09)
    - Re: QWest is having some pretty nice DNS issues right now Randy Bush (Jan 09)
    - Re: QWest is having some pretty nice DNS issues right now Christopher L. Morrow (Jan 09)
    - Re: QWest is having some pretty nice DNS issues right now Simon Waters (Jan 10)
    - Re: QWest is having some pretty nice DNS issues right now bmanning (Jan 09)
    - Message not available
    - Re: QWest is having some pretty nice DNS issues right now Simon Waters (Jan 10)
- Re: QWest is having some pretty nice DNS issues right now Fergie (Jan 06)