by oneplane 1233 days ago
Unless it is your core business, you pay companies like Cloudflare to do it for you.

If it is your core business, but you are also big enough: you also pay Cloudflare or companies like them to do it for you.

If you are in between those two: as long as your name servers can be found, they can also be DoS'ed. But if they can't be found, they also can't resolve anything. And now you're getting into the true problem: the bigger pipe tends to win, and if the bigger pipe has more origin ASNs and IPs to bug you with, individually black-holing them won't be feasible either. So now you need to have a 'bigger pipe', and that's not something most companies want to or can invest in.


However there is value in outsourcing to two companies, and putting nameservers from both in your NS record. That way if one of them suffers a service outage for whatever reason, your users won't even notice.
Yep, we also have two. Not a DNS expert, but wouldn't half the clients (or their resolvers) stop working if one of your two providers is down? But you can recover by removing the provider that is down from your NS, assuming that the TTL is not too long.
Generally, recursive resolvers will retry queries multiple times and use all the NS records as needed.

You shouldn't have a broken NS record if you can avoid it, and it may add a little bit of delay, but things will still work.

Some recursive resolvers also keep statistics about authoritative servers, and when a domain has multiple NS records, the recursive resolver will prefer the option that has had the best response time in the recent past. That helps hide broken servers.

> Generally, recursive resolvers will retry queries multiple times and use all the NS records as needed.

IIRC some recursive resolvers ask all of them simultaneously and then just pass the first request received.