ISP network design of non-authoritative caches

Randy Bush randy at
Sat Nov 17 15:35:58 UTC 2001

> dnsops is for operators of authoritative name servers.

dnsop (note singular) is for non-protocol, but still technical, aspects
of the dns.  i am not aware of an ietf wg which limits parcipitation by
occupation.  if you want cliques, go to icann :-).

> Instead of a set of authoritative servers, the servers which actually
> deliver direct DNS service to users/hosts are non-authoritative,
> caching servers.

some measurements show a large number of combo servers, i.e. they are
authoritative for their local domain(s), say, but also act as
recursive caching servers for the users of a site.

> During the boom times, ISPs couldn't individually configure millions
> of DNS clients.  They generally told subscribers to use two statically
> configured name servers, or more recently used DHCP to set them.  Several
> national ISPs, including the one I use, with millions of subscribers,
> appear to still do this.
> We know this isn't good engineering practice

well, actually, a number of the large providers use many servers at the
same v4 anycast address.  so they get fairly rich geographic/topologic
dispersion, but don't confuse users with a dozen addresses.  i consider
this reasonably good engineering practice.  ymmv.

setting up the routing for this is a bit of a hack, but not all that
hard.  and the magma wg's work may give us some simpler tools.

> Is there a white paper, best common practice, or book which shows
> the naive ISP (whether they have 10 or 10 million subscribers) how
> to architect their DNS system?

not of which i am aware.  wanna help write a dnsop i-d?


More information about the NANOG mailing list