Facebook post-mortems...

Jean St-Laurent jean at ddostest.me
Tue Oct 5 12:58:21 UTC 2021


If your NS are in 2 separate entities, you could still resolve your MX/A/AAAA/NS.

Look how Amazon is doing it.

dig +short amazon.com NS
ns4.p31.dynect.net.
ns3.p31.dynect.net.
ns1.p31.dynect.net.
ns2.p31.dynect.net.
pdns6.ultradns.co.uk.
pdns1.ultradns.net.

They use Dyn DNS from Oracle and UltraDNS. 2 very strong networks of anycast DNS servers.

Amazon would not have been impacted like Facebook yesterday. Unless UltraDNS and Oracle have their DNS servers hosted in Amazon infra? I doubt that Oracle has DNS hosted in Amazon, but it's possible.

Probably the management overhead to use 2 different entities for DNS is not financially viable?

Jean

-----Original Message-----
From: NANOG <nanog-bounces+jean=ddostest.me at nanog.org> On Behalf Of Mark Tinka
Sent: October 5, 2021 8:22 AM
To: nanog at nanog.org
Subject: Re: Facebook post-mortems...



On 10/5/21 14:08, Jean St-Laurent via NANOG wrote:

> Maybe withdrawing those routes to their NS could have been mitigated by having NS in separate entities.

Well, doesn't really matter if you can resolve the A/AAAA/MX records, but you can't connect to the network that is hosting the services.

At any rate, having 3rd party DNS hosting for your domain is always a good thing to have. But in reality, it only hits the spot if the service is also available on a 3rd party network; otherwise, you keep DNS up, but get no service.

Mark.
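
The NS comparison discussed in this thread can be checked mechanically. The following is an added example, not part of either message: it groups `dig +short <zone> NS` output by operator and flags delegations that depend on a single entity or on name servers inside the zone itself. The function names, the tiny suffix list and the example.com sample are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed, deliberately tiny suffix list (assumption); a real check
# would consult the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk"}

def operator_label(ns_host):
    """Label left of the public suffix: 'ultradns' for pdns6.ultradns.co.uk."""
    labels = ns_host.rstrip(".").lower().split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len:
        raise ValueError(f"not a hostname under a known suffix: {ns_host!r}")
    return labels[-(suffix_len + 1)]

def ns_diversity(zone, dig_short_output):
    """Summarise how many distinct operators serve a zone's NS set."""
    zone = zone.rstrip(".").lower()
    operators = defaultdict(list)
    in_zone = []
    for line in dig_short_output.splitlines():
        host = line.strip().rstrip(".").lower()
        if not host or host.startswith(";"):   # skip blanks and dig comments
            continue
        operators[operator_label(host)].append(host)
        # NS names under the zone itself are run by the same entity
        if host == zone or host.endswith("." + zone):
            in_zone.append(host)
    return {
        "operators": {op: sorted(hosts) for op, hosts in operators.items()},
        "in_zone": sorted(in_zone),
        "single_operator": len(operators) < 2,
    }

# NS set quoted in the message above
AMAZON_NS = """ns4.p31.dynect.net.
ns3.p31.dynect.net.
ns1.p31.dynect.net.
ns2.p31.dynect.net.
pdns6.ultradns.co.uk.
pdns1.ultradns.net.
"""
# Constructed sample: a zone whose name servers all live inside the zone
SELF_HOSTED_NS = "ns1.example.com.\nns2.example.com.\n"

if __name__ == "__main__":
    for zone, out in (("amazon.com", AMAZON_NS), ("example.com", SELF_HOSTED_NS)):
        print(zone, ns_diversity(zone, out))
```

Grouping by name says nothing about which network actually hosts those servers or the service behind them, which are the two caveats raised in the thread.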



