Name server placement

Joseph S D Yao jsdy at center.osis.gov
Wed Nov 28 23:19:45 UTC 2001


On Wed, Nov 28, 2001 at 01:42:56PM -0600, McNutt, Justin M. wrote:
> I am in the process of doing some pretty major restructuring of DNS for
> Mizzou (missouri.edu).  I'm looking at the WHOIS information for
> missouri.edu and 128.206.0.0 and I see a lot of secondary name servers
> listed that are outside my netblock.
> 
> Short Version:  The question is whether or not any of those are necessary,
> IF I have another secondary in my network that I control.
> 
> Long Version:  I am trying to simplify the configuration and management of
> our name servers, and these external servers represent trouble in several
> different ways, from security to licensing (IP management software).  I'm
> looking for a compelling reason to keep them before I get rid of them.
> 
> Consider that noc.missouri.edu (the one listed as Primary) is in our
> "external" network.  Outside users are allowed to query this name server.
> Another name server will soon be added to that same network that can serve
> as the Secondary for outside users (both will technically be slaves to a
> hidden master, but that's neither here nor there).
> 
> In the event that the Primary only fails, outside users will be able to
> reach the Secondary.
> 
> In the event that neither the Primary nor the Secondary is reachable, it is
> likely that none of 128.206.0.0 is reachable either (due to the structure of
> our network).
> 
> All of the network switches and routers are monitored, and so are all of our
> name servers.  Both reachability and responses to name queries are monitored
> (in case the only problem is with the named daemon).  Both the network
> infrastructure (L2 and L3) and the servers have been very stable, so we
> don't anticipate a lot of problems in the first place.

	Non-authoritative answer:
	missouri.edu	nameserver = argus.more.net
	missouri.edu	nameserver = ns2.psi.net
	missouri.edu	nameserver = noc.missouri.edu
	missouri.edu	nameserver = ns3.missouri.edu
	missouri.edu	nameserver = jupiter.cc.umr.edu

	Authoritative answers can be found from:
	argus.more.net	internet address = 150.199.1.11
	ns2.psi.net	internet address = 38.8.50.2
	noc.missouri.edu	internet address = 128.206.2.252
	ns3.missouri.edu	internet address = 128.206.10.3
	jupiter.cc.umr.edu	internet address = 131.151.254.243

Five is not an exorbitant number, I think.  I see that you, more.net,
and umr.edu share some DNS hosting ... actually, umr.edu does NOT list
you as a name server: oh, well, you got one free.  ;-)  That leaves
PSInet as the only ones whom you would be paying; and I suspect that
would be free if they are your ISP.

So what licensing fees would you be paying?  Certainly not for BIND!
;-)  Unless someone tricked you into paying for what everyone else gets
for free!  ;-)  ;-)  Are you using some other software for which you
pay licensing fees on a per-name server basis, even if the name server
is not under your control?  Sounds like some cheap Micro$oft trick.

Incidentally, please note the order of the PEER SERVERS above.  Next
time I look, it is likely to be different.  To the resolvers, there is
NO SUCH THING as "primary" or "secondary".  All servers are peer
servers, and are (at first) equally likely to be chosen first.  You can
change that for local lookups; but once they're in another name server's
cache, they're subject to that server's distribution policy.  This may
be round robin, or best first, or something else; but it has nothing to
do with what you told EduNIC is your "primary" vs. your "secondary".

Finally, why have off-site secondaries at all?  I send mail to a few
sites that have only one name server, or two on the same network and
power, which for this purpose is the same as "none".  If their network
and/or power are down, and I try to send them e-mail, the mail server
will tell me that the mail address is invalid, since there is no host
by that name.  Fortunately, most sites either don't go down ever [;-)],
or come back up quickly enough that their info hasn't faded from my
cache, or have another name server elsewhere that returns their MX and
Address information.  Then my mail server goes into store-and-forward
mode, and only returns it to me after N days have passed, and the
information is stale anyway.  ;-)

-- 
Joe Yao				jsdy at center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support					EMT-B
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
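
The availability argument in the message above can be checked mechanically. The following is an added example, not part of the original post: it parses the address lines from the nslookup output quoted in the message and reports which name servers remain if the site netblock is unreachable. Treating 128.206.0.0 as a /16, and modelling the proposed layout as "keep only the on-site servers", are assumptions.

```python
import ipaddress
import re

# Address lines as quoted in the nslookup output in the message above.
NSLOOKUP_OUTPUT = """\
argus.more.net	internet address = 150.199.1.11
ns2.psi.net	internet address = 38.8.50.2
noc.missouri.edu	internet address = 128.206.2.252
ns3.missouri.edu	internet address = 128.206.10.3
jupiter.cc.umr.edu	internet address = 131.151.254.243
"""

# Assumption: 128.206.0.0 from the thread is treated as a /16.
SITE_NETBLOCK = ipaddress.ip_network("128.206.0.0/16")

ADDR_LINE = re.compile(r"^\s*(\S+)\s+internet address = (\S+)\s*$")


def parse_glue(text):
    """Return {nameserver: ip_address} from nslookup 'internet address' lines."""
    servers = {}
    for line in text.splitlines():
        m = ADDR_LINE.match(line)
        if m:
            servers[m.group(1)] = ipaddress.ip_address(m.group(2))
    return servers


def survivors(servers, failed_net):
    """Name servers still reachable when everything inside failed_net is down."""
    return sorted(n for n, ip in servers.items() if ip not in failed_net)


def placement_report(servers, site_net):
    """Summarise whether the NS set survives loss of the site netblock."""
    off_site = survivors(servers, site_net)
    return {
        "total": len(servers),
        "on_site": sorted(set(servers) - set(off_site)),
        "off_site": off_site,
        "resolvable_if_site_down": bool(off_site),
    }


if __name__ == "__main__":
    current = parse_glue(NSLOOKUP_OUTPUT)
    print("current :", placement_report(current, SITE_NETBLOCK))
    # Simplified model of the proposal: only servers inside the netblock remain.
    proposed = {n: ip for n, ip in current.items() if ip in SITE_NETBLOCK}
    print("proposed:", placement_report(proposed, SITE_NETBLOCK))
```

A shared /16 is only a rough proxy for shared fate; servers in different netblocks can still sit behind the same upstream link or power feed.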

