Facebook post-mortems...

Jean St-Laurent jean at ddostest.me
Tue Oct 5 12:58:21 UTC 2021

If your NS are in 2 separate entities, you could still resolve your MX/A/AAAA/NS.

Look how Amazon is doing it.

dig +short amazon.com NS

They use dyn DNS from Oracle and ultradns. 2 very strong network of anycast DNS servers.

Amazon would have not been impacted like Facebook yesterday. Unless ultradns and Oracle have their DNS servers hosted in Amazon infra? I doubt that Oracle has dns hosted in Amazon, but it's possible.

Probably the management overhead to use 2 different entities for DNS is not financially viable?


-----Original Message-----
From: NANOG <nanog-bounces+jean=ddostest.me at nanog.org> On Behalf Of Mark Tinka
Sent: October 5, 2021 8:22 AM
To: nanog at nanog.org
Subject: Re: Facebook post-mortems...

On 10/5/21 14:08, Jean St-Laurent via NANOG wrote:

> Maybe withdrawing those routes to their NS could have been mitigated by having NS in separate entities.

Well, doesn't really matter if you can resolve the A/AAAA/MX records, but you can't connect to the network that is hosting the services.

At any rate, having 3rd party DNS hosting for your domain is always a good thing to have. But in reality, it only hits the spot if the service is also available on a 3rd party network, otherwise, you keep DNS up, but get no service.


More information about the NANOG mailing list