Is it Bad Practice to Use NS Server that is Usually Turned Off?

s.fenster at gmail.com
Thu Jun 26 13:51:16 UTC 2008


Barry,

Thanks for your guidance.  After considering your comments, I did some
research, and found the following documents: RFC 2182 (Selection and
Operation of Secondary DNS Servers) and RFC 1912 (Common DNS Errors)
to be educational and useful.

I am using your suggestion of leaving the backup site as a reachable
name server.  I made this server a secondary, and it gets zone
transfers from the primary DNS server.

Thank you for your help.

Seth


On Jun 25, 10:50 pm, Barry Margolin <bar... at alum.mit.edu> wrote:
> In article <g3uer6$28o... at sf1.isc.org>, s.fens... at gmail.com wrote:
> > Hi,
>
> > I want to know if it is considered bad practice to use a name server
> > that is usually not responding.  My goal is to quickly be able to
> > change name servers in the case of a disaster at the main site.
>
> > Our setup is the following:
>
> > ISP hosts our zone file, which looks like this:
>
> > myserver    IN NS wan1.domain.com
> >                  IN NS wan2.domain.com
>
> > wan1.domain.com    IN A   1.2.3.4
> > wan2.domain.com    IN A   2.3.4.5
>
> > I control wan1.domain.com and have A records for my servers.  In order
> > to prevent requests from going to wan2 (which is our backup site), I
> > would disable access to that dns server.  As I understand it, there is
> > no priority for NS records like there is for MX records.  I understand
> > this might create more traffic on 2.3.4.5, but it may be an acceptable
> > consequence.
>
> > My question is, will my users see a delay when resolving
> > myserver.domain.com? I saw that BIND uses a relatively smart (as
> > compared to round robin) algorithm to determine which name server to
>
> Most DNS servers keep track of nameserver response times, and prefer the
> ones with better response times.  But they also periodically try the
> other servers, so that they'll detect when their performance improves.
> So this will result in occasional lookup delays.
>
> > query.  I assume my ISP is using BIND (but I am not sure).
>
> And even so, what you care about is the ISPs for all the people who
> might try to access your domain.
>
> > The alternative is to use a managed DNS service that detects down
> > links and switches NS servers.  It would be great if my ISP did this,
> > but I suspect they don't.  And I don't want to wait for them to change
> > my zone file and wait for it to propagate.  I also don't want to give
> > my DNS over to a managed provider - I like to be in control of my DNS.
>
> Why don't you keep both nameservers running, but update the zone
> contents when you need to fail over?  Do you really need to avoid DNS
> traffic to the backup site?
>
> --
> Barry Margolin, bar... at alum.mit.edu
> Arlington, MA
> *** PLEASE don't copy me on replies, I'll read them in the group ***
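As an added example (not code from the thread or from Seth's actual servers), here is a minimal BIND 9 named.conf fragment for the arrangement Seth describes: wan1.domain.com at 1.2.3.4 as the primary and wan2.domain.com at 2.3.4.5 as the secondary that pulls zone transfers, with transfers limited to a TSIG key shared by the two hosts. The zone name domain.com, the file paths and the key name are assumptions, and the secret is a placeholder.

```conf
# Added example, not from the thread. Primary on wan1.domain.com (1.2.3.4),
# secondary on wan2.domain.com (2.3.4.5). Zone name, file paths and key name
# are assumptions; the secret is a placeholder to be generated locally
# (for example with tsig-keygen) and kept out of world-readable files.

# --- shared by both servers: the transfer key (must precede its first use) ---
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-GENERATED-BASE64-SECRET";
};

# --- wan1.domain.com (primary), named.conf ---
zone "domain.com" {
    type master;
    file "/var/named/domain.com.zone";
    # Only a requester presenting the key may pull the zone; everyone else
    # gets REFUSED on AXFR/IXFR, which also keeps the zone out of casual view.
    allow-transfer { key "xfer-key"; };
    # Send NOTIFY to the secondary so it refreshes right after a change,
    # instead of waiting for the SOA refresh interval.
    also-notify { 2.3.4.5; };
};

# --- wan2.domain.com (secondary), named.conf ---
server 1.2.3.4 {
    # Sign every request to the primary (including AXFR) with the key.
    keys { "xfer-key"; };
};

zone "domain.com" {
    type slave;
    file "/var/named/domain.com.zone.bak";
    masters { 1.2.3.4; };
    # The secondary answers queries but never hands the zone to anyone.
    allow-transfer { none; };
};
```

After a change at the primary, a quick check that the secondary has caught up is to compare the SOA serial each server returns (dig @1.2.3.4 domain.com soa against dig @2.3.4.5 domain.com soa); matching serials confirm the transfer completed.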


