Numbering nameservers and resolvers

Patrick W. Gilmore patrick at ianai.net
Mon Aug 16 07:04:56 UTC 2010


Composed on a virtual keyboard, please forgive typos. 

On Aug 16, 2010, at 7:49, Mike <mike-nanog at tiedyenetworks.com> wrote:

> Hi Folks,
> 
>   I am needing to renumber some core infrastructure - namely, my nameservers and my resolvers - and I was wondering if the collective wisdom still says heck yes keep this stuff all on separate subnets away from each other? Anyone got advice either way? Should I try to give sequential numbers to my resolvers for the benefit of consultants ... like .11, .22 and .33 for my server IPs?

1) Use different prefixes.  A single prefix going down should not kill your entire network.  (Nameservers and resolvers being unreachable breaks the whole Internet as far as users are concerned.)

2) Consider trading secondary NS with another AS.  This is for authorities only; recursive NSes should be on-net only.

3) Try not to use the first /24 in a large prefix.  See the AS7007 incident for why, although that is probably less likely today.

4) Using easily memorized numbers for at least one authority & one resolver will help your NOC, but should not override other considerations.

That's a start, I'm sure others will have more suggestions. 

-- 
TTFN,
patrick
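
A numbering plan can be checked against points 1 to 3 above before renumbering. The following is an added example, not part of the original message; the aggregates, server names and addresses are constructed (RFC 1918 and documentation ranges), and `audit_plan` is a hypothetical helper.

```python
import ipaddress

def audit_plan(aggregates, servers):
    """aggregates: prefixes you announce. servers: {name: (role, ip)} with
    role 'auth' or 'resolver'. Returns a list of findings (strings)."""
    nets = [ipaddress.ip_network(a) for a in aggregates]
    findings, covering = [], {}
    for name, (role, ip) in servers.items():
        addr = ipaddress.ip_address(ip)
        match = [n for n in nets if addr in n]
        # Most specific announced prefix covering this address, if any.
        net = max(match, key=lambda n: n.prefixlen) if match else None
        covering[name] = net
        if net is None:
            # Point 2: off-net is fine for a traded secondary authority,
            # but recursive resolvers should be on-net only.
            if role == "resolver":
                findings.append(f"{name}: recursive resolver {ip} is off-net")
        elif net.version == 4 and net.prefixlen < 24:
            # Point 3: avoid the first /24 of a larger prefix.
            if addr in next(net.subnets(new_prefix=24)):
                findings.append(f"{name}: {ip} is in the first /24 of {net}")
    # Point 1: losing one prefix must not take out every server of a role.
    for role in ("auth", "resolver"):
        used = {covering[n] for n, (r, _) in servers.items() if r == role}
        if len(used) == 1 and None not in used:
            findings.append(f"{role}: every server is in {used.pop()}")
    return findings

# Constructed sample data, not taken from any real network.
AGGREGATES = ["10.20.0.0/16", "172.16.32.0/20"]
BAD_PLAN = {
    "ns1": ("auth", "10.20.0.11"),       # first /24 of the /16
    "ns2": ("auth", "192.0.2.53"),       # secondary traded with another AS
    "res1": ("resolver", "10.20.8.22"),
    "res2": ("resolver", "10.20.9.33"),  # same prefix as res1
}
GOOD_PLAN = {
    "ns1": ("auth", "10.20.8.11"),
    "ns2": ("auth", "192.0.2.53"),
    "res1": ("resolver", "10.20.8.22"),
    "res2": ("resolver", "172.16.40.33"),
}

if __name__ == "__main__":
    for finding in audit_plan(AGGREGATES, BAD_PLAN):
        print(finding)
```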




