All name servers on one segment?

David R. Kirk david at kirks.org
Mon May 7 16:57:44 UTC 2001


I think that it is an erroneous assumption to state that just because name
servers appear to be on the same logical network (e.g. UUNET uses
198.6.1.0/24 and 198.6.100.0/24 for its name servers) there is an
inherent problem.

If the logical network and physical network are in one location, that is
certainly a cause for major concern, a la Microsoft; if the network is
subnetted and routed in smaller blocks, or less desirably host routed,
the concern should be much lessened.

Obviously, a larger company/service provider has much greater ability
to subnet and geographically distribute address space and thus servers,
but having name servers live on the same logical network segment is
not necessarily bad; having the logical network be in one place is
definitely horrible, though.


----- Original Message -----
From: Adam Lang <aalang at rutgersinsurance.com>
To: <bind-users at isc.org>
Sent: Monday, May 07, 2001 11:42 PM
Subject: Re: All name servers on one segment?


>
> I'd assume it is bad practice to have your backup DNS servers on the same
> segment (if you can avoid it).  Like you said, one disaster can take out
> all DNS resolution.
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> http://www.rutgersinsurance.com
> ----- Original Message -----
> From: "Kenneth Porter" <shiva at well.com.invalid>
> Newsgroups: comp.protocols.dns.bind
> To: <comp-protocols-dns-bind at moderators.isc.org>
> Sent: Monday, May 07, 2001 7:03 AM
> Subject: All name servers on one segment?
>
>
> > Given the recent DNS attack on Microsoft, does it make sense for a large
> > site to have all its name servers on one segment?
> >
> > I'm a HostPro hosting customer and I've noted that all their name
> > servers are in 209.196.128/24. That seems particularly vulnerable.
> >
> > HostPro also doesn't keep domain records consistent with root records:
> > For my two accounts they list dns[12].hostpro.net as my name servers in
> > NSI's records, but the domain itself (sewingwitch.com) lists
> > dns[12].netlimited.net for NS records. All 4 servers are in the same
> > netblock, which suggests a single point of failure.
> >
> > HostPro just announced that Miss Universe is hosting with them, and
> > missuniverse.com suffers from the same problem. The missuniverse.com NS
> > records list 2 more servers in the same netblock,
> > dns[12].netservers.net.
> >
> > For an economy hosting service, HostPro has done a pretty good job for
> > me. Their handling of DNS leaves me a bit less than confident, though.
> > Are my concerns misplaced?
> >
> > --
> > Kenneth Porter
> > http://www.sewingwitch.com/ken/
> > Remove 'invalid' for correct email address
>
>
>
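
The two checks discussed in this thread (whether all of a zone's name servers fall in one netblock, and whether the NS set at the registry matches the NS set the zone itself serves), as an added example that is not part of the original messages. The host names and addresses are constructed (documentation names and RFC 5737 addresses), the function names are hypothetical, and the /24 and /48 grouping is an assumption; as the reply above notes, a shared prefix is only a prompt to ask where the servers physically sit, not proof of a single location.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation names and RFC 5737 addresses.
PARENT_NS = ["dns1.host-a.example.", "dns2.host-a.example."]  # delegation at the registry
ZONE_NS = ["dns1.host-b.example.", "dns2.host-b.example."]    # NS RRset served by the zone
ADDRESSES = {
    "dns1.host-a.example": ["192.0.2.2"],
    "dns2.host-a.example": ["192.0.2.3"],
    "dns1.host-b.example": ["192.0.2.66"],
    "dns2.host-b.example": ["192.0.2.67"],
}

def norm(name):
    """Compare host names case-insensitively and without the trailing dot."""
    return name.lower().rstrip(".")

def prefix_of(addr, v4_len=24, v6_len=48):
    """Return the covering prefix used for grouping (lengths are an assumption)."""
    ip = ipaddress.ip_address(addr)
    length = v4_len if ip.version == 4 else v6_len
    return str(ipaddress.ip_network(f"{ip}/{length}", strict=False))

def audit(parent_ns, zone_ns, addresses):
    """Report NS set mismatches and how the servers spread across prefixes."""
    parent = {norm(n) for n in parent_ns}
    zone = {norm(n) for n in zone_ns}
    addrs = {norm(k): v for k, v in addresses.items()}
    prefixes = defaultdict(set)
    for name in parent | zone:
        for addr in addrs.get(name, []):
            prefixes[prefix_of(addr)].add(name)
    return {
        "only_in_parent": sorted(parent - zone),   # delegated but not in the zone
        "only_in_zone": sorted(zone - parent),     # in the zone but not delegated
        "unresolved": sorted(n for n in parent | zone if not addrs.get(n)),
        "prefixes": {p: sorted(n) for p, n in sorted(prefixes.items())},
        "single_prefix": len(prefixes) == 1,       # every known address in one block
    }

if __name__ == "__main__":
    for key, value in audit(PARENT_NS, ZONE_NS, ADDRESSES).items():
        print(f"{key}: {value}")
```

In practice the three inputs would come from querying the parent zone's servers, the zone's own servers, and address lookups for each NS name.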


