DNS pulling BGP routes?

Bill Woodcock woody at pch.net
Thu Oct 7 16:44:37 UTC 2021

> On Oct 7, 2021, at 6:25 PM, Jean St-Laurent via NANOG <nanog at nanog.org> wrote:
> Nice document.
> In section 2.5 Routing, this is written:
> Distributing Authoritative Name Servers via Shared Unicast Addresses...
> organizations implementing these practices should
>   always provide at least one authoritative server which is not a
>   participant in any shared unicast mesh.

This was superstition, brought forward from 1992 by the folks who were yelling “damned kids get offa my lawn” at the time.

There’s no reason to include a unicast address in an NS set in the 21st century, and plenty of reasons not to (since it’ll be very difficult to load-balance with the rest of the servers).

But one should NEVER NEVER depend on a single administrative or technical authority for all your NS records.  That’s what shot Facebook in the foot, they were trying to do it all themselves, so when they shot themselves in the foot, they only had the one foot, and nothing left to stand on.  Whereas other folks shoot themselves in the foot all the time, and nobody notices, because they paid attention to the spirit of RFC 2182.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20211007/5bafcd28/attachment.sig>

More information about the NANOG mailing list