North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: How common is lack of DNS server diversity?
>Then it probably doesn't matter if you resolve their DNS, because you won't be >getting to any of their services anyway. Several folks have mentioned that they don't see a problem with dns failure caused by an inability to reach all of the nameservers for a domain - because presumably clients won't be able to reach any of the hosts in that domain. First, as we've seen demonstrated so clearly in the Microsoft case this week, nameserver unreachability does not always imply unreachability of the hosts in the domain. Second (and even if all of the hosts are truly unreachable), there is one somewhat important service that has a markedly different failure mode if the server appears to not exist - email (smtp). Folks sending mail to a domain that doesn't resolve usually get an immediate "delivery failure" response. But those sending to a resolvable domain when the target mail server is simply unreachable get their mail queued. It will typically get retried by the mail system for a few days. Only after such a long outage of the target will a delivery failure occur. (One somewhat ugly side effect of the dns outage is that some mailing lists will remove the user from their list when a delivery failure occurs. Not good to have to explain this to your users.) I lived through both situations (dns plus entire domain unreachable, and the domain unreachable but dns still works); I much prefer the results with a diverse dns setup. Tony Rall