by mattzito 3741 days ago
Well, there's a couple of strategies:

- IP-diverse nameservers

- TLD-diverse nameservers

- BGP anycast

IP-diverse nameservers require that you expect that your DNS servers will go down rather than start returning bad results - I highly recommend having some sort of mechanism to hard-terminate access to those machines.

TLD-diverse nameservers are just an extra strategy for reducing the risk that an upstream TLD issue will blow up your spot.

And then BGP anycast is the expensive, complicated piece of this - it requires a high level of technical sophistication, lots of moving parts, and the QA/validation piece of it is tricky.

When I built an anycast DNS system, we ended up resorting to tricks like having the DNS servers publish routes to the router for redistribution, so that a down or unresponsive server automatically withdrew the routes. Then you do things like TXT records for your zone that respond with which POP you're hitting in some sort of hashed/obfuscated fashion.

It's hard and complicated, and unnecessary for most folks. Better to outsource to Route 53 or someone similar.

1 comments
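The route-withdrawal trick mattzito describes (each DNS server publishes its own anycast route and drops it when the daemon stops answering), as an added example that is not from the thread: a health checker written for ExaBGP's process API, where every line printed to stdout is a BGP command (an assumed deployment; the prefix, probe name and thresholds are placeholders). It probes the local daemon with a raw DNS query and only announces or withdraws after several consistent results, so a single dropped packet does not flap the route.

```python
import socket
import struct

# Placeholders, not values from the thread: this node's anycast service prefix
# and a record the co-located authoritative daemon must be able to answer.
SERVICE_PREFIX = "192.0.2.53/32"
PROBE_NAME = "health.example.net"
TXID = 0x1234
FAIL_THRESHOLD = 3  # consecutive failed probes before the route is withdrawn
OK_THRESHOLD = 2    # consecutive good probes before it is announced again

def build_query(name):
    """Minimal DNS A/IN query; RD=0 so recursion cannot mask a dead authority."""
    header = struct.pack(">HHHHHH", TXID, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)

def probe_ok(resp):
    """Healthy only if the id matches, QR=1, RCODE=0 and at least one answer RR."""
    if len(resp) < 12:
        return False
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    return rid == TXID and (flags & 0x8000) != 0 and (flags & 0x000F) == 0 and an >= 1

def probe_local_dns(addr=("127.0.0.1", 53), timeout=1.0):
    """Probe the local daemon; a timeout or socket error counts as a failure."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(PROBE_NAME), addr)
            return probe_ok(s.recvfrom(512)[0])
    except OSError:
        return False

class RouteController:
    """Hysteresis over probe results; yields an ExaBGP command only on a state change."""
    def __init__(self):
        self.announced, self.fails, self.oks = False, 0, 0

    def step(self, healthy):
        if healthy:
            self.fails, self.oks = 0, self.oks + 1
            if not self.announced and self.oks >= OK_THRESHOLD:
                self.announced = True
                return f"announce route {SERVICE_PREFIX} next-hop self"
        else:
            self.oks, self.fails = 0, self.fails + 1
            if self.announced and self.fails >= FAIL_THRESHOLD:
                self.announced = False
                return f"withdraw route {SERVICE_PREFIX} next-hop self"
        return None
```

Under ExaBGP the script would loop over `probe_local_dns()` and `RouteController.step()`, printing each returned command with stdout flushed so the router learns about the withdrawal immediately. The thresholds are the part to tune: too low and a busy server flaps, too high and clients keep hitting a dead POP.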

- Implementation-diverse nameservers

Use multiple implementations, e.g. NSD/BIND for authoritative servers and Unbound/BIND for resolvers, to mitigate against implementation-specific bugs and vulnerabilities.