Name servers
From Sysadmin
Contents |
Positioning
The primary nameserver should not be on the same server or subnet as the most important services owned by the organisation. Having to move the important functions quickly will be hampered by a need to redelegate the master nameserver at the same time. This could easily add 24-48 hours to an outage.
Redundancy
It is essential to maintain a high level of redundancy for name servers. Despite the claims of some in recent years this is as important as it ever was. If all of the name servers for a domain become uncontactable then the failures that occur in services for the domain will be much more serious than if the service itself fails.
If all of the name servers for a domain are down some MTAs will bounce the mail as they will consider the domain to not exist. Similarly web browsers will report the domain as not existing rather than the site being down. As well as the various technical problems that this causes, this could be confusing to the end user.
In order to retain the high level of redundancy it is important to maintain physical and logical separation of name servers.
As required by the RFCs and all registrars each domain should have at least 2 nameservers.
Physical Separation
Nameserver should be physically separated. At the very least the nameservers for a domain should not all be in the same city. Ideally the nameservers should be situated in at least 2 countries. Seperating nameservers on to multiple continents is highly desirable.
This is not as difficult as it may seem. Secondary DNS servers are often offered complimentary to customers by domain registrars. In addition free primary & secondary services such as EveryDNS are available, although this may not be suitable in a business context. Virtual servers can be purchased cheaply in North America and are suitable for use as authoritative nameservers in many cases.
There is no requirement for the name servers to be equally distributed. It is permissible for most of the name servers to be situated in one country or region and one or two to be geographically distant.
Logical Separation
As well as good physical separation it is important to separate the name servers logically, so that they are distant in cyberspace. Principally this refers to maintaining seperate nameservers on different subnets. Even if advanced switching technologies like MPLS are in use there is still a need for seperation at the network layer to protect against failures in this layer, such as routing problems.
In general good physical separation will result in good logical separation, although this is no longer necessarily true as a result of advanced switching technologies.
The use of anycasting for DNS effectively implies good physical and logical seperation.
Administrative Separation
It is undesirable to situate all name servers on hosts owned or controlled by a single organisation. For ease of management it may be desirable to situate all name servers on hosts controlled by a single organisation however this leaves the domain open to a failure of that organisation. When ISPs have gone bankrupt, servers in their DC have literally been turned off and removed within days, regardless of who owns them.
