by belorn 48 days ago
I am reminded of the warning that zonemaster gives about putting your domain name servers on a single AS, as is common practice for many larger providers. A lot of people do not want others to see this as a problem since a single AS is a convenient configuration for routing, but it has the downside of being a single point of failure.

Building redundant infrastructure that can withstand BGP and DNS configuration mistakes is not that simple, but it can be done.


As the CPU/RAM resources to run an authoritative-only slave nameserver for a few domains are extremely minimal (mine run at a unix load of 0.01), it's a very wise idea to put your ns3 or something at a totally different service provider on another continent. It costs less than a cup of coffee per month.
For a very long time, the computer club I was in operated a DNS server on a Pentium 75MHz and after the last major hardware upgrade it had a total of 110MB RAM memory and 2G disk space. It worked great except that before the upgrade it tended to run out of ram whenever there was a Linux kernel update, a problem we solved forever by populating all the ram slots with the maximum that the motherboard could handle to that nice 110 MB.
Did you populate the motherboard with the most it could handle, or the most you could assemble from a box of assorted sticks?

Otherwise, 110MB would hint at a fascinating engineering culture at the motherboard manufacturer.

If I remember right there were certain very early pentium 3 processor competitors from VIA and other non-intel, non-AMD sources (with much worse performance) that had integrated onboard SVGA video, where the video RAM was shared with the system DRAM. Meaning that depending how you configured the video in the BIOS, you could have something like a 128GB RAM server "minus" 16GB RAM withheld for video, with like 112GB usable by the OS.

But if this guy is talking about a pentium 75 MHz (socket 5 CPU) that's a totally different generation of stuff several generations before that.

This makes sense for larger providers, but for a small/personal website there are literally zero advantages to having distributed authoritative DNS servers when the webserver is on a single host.

Ironically, denic still requires you to have two separate name servers with different IPs for your domain (which can be worked around by changing the IP of the registered name server afterwards lol), a requirement that all other registries I use have dropped or never had because enforcing such a policy at the registry level makes zero sense.

For a domain owned by someone in North America, it costs me literally $1.50 a month to have an authoritative only ns3 in Europe on a totally different ISP.
It depends. Do you also have email or other services for that domain? The advantage is your email doesn't start bouncing when your single host web site / DNS server is down.
Email bouncing during rare downtimes is hardly that big of an issue - if it's actually important the sender will retry, possibly with a different contact method. And for short downtimes most likely the sender's MTA will just automatically retry a bit later - email is designed to work with temporary failures.

There isn't some magic reliability that everyone needs which just so happens to fall into "not achievable with a single authoritative name server" and "guaranteed with two servers". I'm not saying you should never have more than one, just that it isn't the registry's business to decide what kind of availability guarantees you need for your domain.

It's simple enough to get a secondary DNS server somewhere and put it on a $5/month VPS. I use BIND and DNS replication (AXFR/IXFR) handles it.
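The primary/secondary setup described in this comment, written out as an added example in BIND named.conf syntax (not the commenter's own config): the primary at provider A only allows zone transfers signed with a TSIG key, and ns3 at provider B on another AS pulls the zone via AXFR/IXFR. The addresses 198.51.100.53 and 203.0.113.53, the zone example.com and the key secret are constructed placeholders.

```conf
// --- named.conf on the primary at provider A, 198.51.100.53 (constructed) ---
key "xfer-key" {
    algorithm hmac-sha256;
    secret "<BASE64-SECRET-PLACEHOLDER>";   // generate with: tsig-keygen xfer-key
};

zone "example.com" {
    type master;                            // "primary" on BIND 9.16+
    file "/var/named/example.com.zone";
    allow-transfer { key "xfer-key"; };     // AXFR/IXFR only with the TSIG key, never to the world
    also-notify { 203.0.113.53; };          // push NOTIFY to ns3 so it refreshes immediately
    notify explicit;                        // notify only the also-notify list
};

// --- named.conf on the secondary (ns3) at provider B, 203.0.113.53 (constructed) ---
key "xfer-key" {
    algorithm hmac-sha256;
    secret "<BASE64-SECRET-PLACEHOLDER>";   // same secret as on the primary
};

server 198.51.100.53 { keys { "xfer-key"; }; };  // sign every request sent to the primary

zone "example.com" {
    type slave;                             // "secondary" on BIND 9.16+
    masters { 198.51.100.53; };             // "primaries" on BIND 9.16+
    file "/var/named/slaves/example.com.zone";
    allow-notify { 198.51.100.53; };        // accept NOTIFY only from the real primary
    allow-transfer { none; };               // the secondary does not re-serve transfers
    allow-query { any; };                   // but answers authoritative queries to everyone
};
```

After `rndc reload` on both hosts, `dig @203.0.113.53 example.com SOA +short` and the same query against the primary should return the same serial; a lagging serial on ns3 means the transfer or NOTIFY path is broken.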
Have you ANY clue about the size of .DE's name server infrastructure?
> Have you ANY clue about the size of .DE's name server infrastructure?

Is it more or less than the F-root server run by ISC?

* https://www.isc.org/f-root/

If you want, you can even request your own instance (a 1U Dell):

* https://www.isc.org/froot-process/

Or an instance of ICANN's L-root server, also 1U:

* https://www.dns.icann.org/imrs/

Would .de have more, or less, traffic than some of the root servers?

Are you following the thread? We're talking about redundancy for a single domain here.
The single domain here is a ccTLD, and DNS's hierarchical nature means your personal domain's redundant DNS can't mitigate an outage at the ccTLD level.
Sorry, no. I was responding to "I am reminded of the warning that zonemaster gives about putting your domain name servers on a single AS, as is common practice for many larger providers."

That is not the ccTLD, that is an individual domain and its name servers. I recall being given that warning for early domain registrations.

On Google cloud it's always four nameservers like

    ns-cloud-c1.googledomains.com
    ns-cloud-c2.googledomains.com
    ns-cloud-c3.googledomains.com
    ns-cloud-c4.googledomains.com
Would not make any sense to do four of them if it's a single AZ. Also, they are geo-aware and routed to your nearest region.
Are you conflating autonomous system (AS) with availability zone (AZ)?
Uhh, you're right, I totally did. Now I see the parent's point, thank you.