Hosting multiple TLDs

Barry Margolin barry.margolin at level3.com
Wed Sep 24 17:38:36 UTC 2003


Sorry for the long-delayed reply.  We had a problem here that's been
preventing me from accessing my company's news server for the past 2 weeks.

In article <bk4t86$2foi$1 at sf1.isc.org>,
Jonathan de Boyne Pollard  <J.deBoynePollard at Tesco.NET> wrote:
>JdeBP> That is _good_ practice.  _Best_ practice is for all of the
>JdeBP> intermediate domain names to be subdomains of the domain 
>JdeBP> being delegated itself.  (For example, all of the 
>JdeBP> intermediate domain names used in the delegation of "gwu.edu."
>JdeBP> would be subdomains of "gwu.edu." itself.)
>
>BM> While that may be nice, it's highly impractical in many cases.
>
>False.  You are conflating ownership of the intermediate domain name itself
>with ownership of the IP address that it maps to.

I don't think I am.

>BM> Don't forget another best practice: having nameservers with 
>BM> few common points of failure.  Many organizations implement 
>BM> this getting slave DNS service from their ISP or some other 
>BM> third party.  The slave DNS provider's servers are virtually 
>BM> never in the customer's domain, and often not even in the 
>BM> same TLD (if they're an ISP they're likely to have a .NET 
>BM> domain).
>
>And this is where you are doing it.  Furthermore, the good practice that you
>cite is irrelevant to this discussion and a red herring, because it doesn't
>actually conflict with the best practice that I gave at all.
>
>The servers run by the hosting company do not have _IP addresses_ that are
>owned by the customer.  (And it is the IP addresses to which the "common
>points of failure" concerns that you allude to apply.)  The ownership of the
>domain names that they have is an entirely different matter.  You are
>conflating ownership of the intermediate domain names with ownership of the IP
>addresses.
>
>Indeed, there's not really a proper notion of those servers being "in" a
>single specific domain, the customer's or another, at all; so your argument
>that they are "in" one domain to the exclusion of being "in" any other has no
>concrete foundation.  

I was using "in" as short for "having a name that's a subdomain of".

>The intermediate domain names used in the delegation of
>the customer's domain are usage-specific domain names.  Their existence
>doesn't make the servers (whose IP addresses they map to) "in" the domain that
>they are subdomains of.  Neither (now that Verisign has lifted its erstwhile
>restriction) are the servers precluded from having many such intermediate
>domain names.  (Moreover, the existence of those other intermediate domain
>names doesn't make the servers "in" those other domains, either.)
>
>BM> Do you really expect ISP's and other DNS providers to have
>BM> servers in every potential TLD?
>
>That question is a leading question that implies the false premise that one
>needs a separate server for each domain, and is thus unanswerable.  You are
>erroneously thinking that there's a one-to-one mapping between an intermediate
>domain name, used in a delegation, and a server.  There isn't.  (The mapping
>is many-to-one, sometimes even many-to-many.)

I never said there was a one-to-one mapping.  But it's impractical to
maintain lots of A records and host registrations mapping all these names
to our servers' addresses.  If we change our server addresses, we'd have to
track down all these places where the old addresses were entered and get
them fixed.

>You are erroneously thinking that the same, single, intermediate domain name
>must be used for any given server in _every_ delegation that points to that
>server.  It need not.

It doesn't have to technically.  But logistically it does.

We've been through this.  Many of our customers used to enter A records for
our nameservers in their zone files, and old versions of BIND allowed this
and gave them out as additional info.  When we changed the addresses of
some of these servers, the old addresses continued to show up in caches for
years.  Modern versions of BIND ignore this "out of zone" info, but if they
started giving them hostnames in their own domains then it would be
accepted and the problem would come back.

Since the servers and their addresses are under our control, we want
everyone indirecting through hostnames that we have full control over.

-- 
Barry Margolin, barry.margolin at level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
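As an added illustration of the "out of zone" problem Barry describes (this is example code, not part of the thread or of BIND), the following audit classifies a zone's apex NS targets as in-bailiwick or out-of-bailiwick and flags the two cases he raises: address records for names outside the zone, which modern resolvers and servers ignore, and in-bailiwick nameserver names, whose glue the zone owner must keep in sync whenever the provider renumbers. The zone text is a constructed sample with hypothetical names, in a simplified one-record-per-line syntax with the class always present.

```python
"""Audit apex NS targets of a zone for out-of-zone address data and glue to maintain."""

# Constructed sample zone (hypothetical names); a provider's servers plus one in-zone NS.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@      IN SOA   ns1.provider.net. hostmaster.example.com. 1 7200 3600 1209600 3600
@      IN NS    ns1.provider.net.
@      IN NS    ns2.provider.net.
@      IN NS    ns3.example.com.
ns1.provider.net. IN A 192.0.2.10   ; out-of-zone A record, as the old customers did
ns3    IN A     192.0.2.30          ; in-zone glue the owner must keep current
www    IN A     192.0.2.80
"""

def parse_zone(text):
    """Return (origin, [(owner, type, rdata)]) with owner names made absolute and lowercased."""
    origin, records = None, []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                    # other directives ($TTL) are irrelevant here
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)   # assumed layout: owner IN TYPE rdata
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append((owner.lower(), rtype.upper(), rdata))
    return origin.lower(), records

def in_bailiwick(name, zone):
    """True if name is the zone apex or a subdomain of it (both absolute, trailing dot)."""
    return name == zone or name.endswith("." + zone)

def audit(text):
    """Classify apex NS targets and flag address records the zone owner should not, or must, carry."""
    zone, records = parse_zone(text)
    ns_targets = {rdata.lower() for owner, rtype, rdata in records if owner == zone and rtype == "NS"}
    address_owners = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    report = {k: set() for k in ("in_bailiwick", "out_of_bailiwick", "ignored_out_of_zone", "glue_to_maintain")}
    for ns in ns_targets:
        key = "in_bailiwick" if in_bailiwick(ns, zone) else "out_of_bailiwick"
        report[key].add(ns)
        if key == "in_bailiwick" and ns in address_owners:
            report["glue_to_maintain"].add(ns)       # stale glue here reappears in caches after renumbering
    report["ignored_out_of_zone"] = {o for o in address_owners if not in_bailiwick(o, zone)}
    return report
```

Running `audit(SAMPLE_ZONE)` on the sample reports the two provider servers as out-of-bailiwick, the stray `ns1.provider.net.` A record as ignored out-of-zone data, and `ns3.example.com.` as glue the zone owner has to maintain.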