nanog mailing list archives

Re: Numbering nameservers and resolvers


From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Mon, 16 Aug 2010 08:04:56 +0100

Composed on a virtual keyboard, please forgive typos. 

On Aug 16, 2010, at 7:49, Mike <mike-nanog () tiedyenetworks com> wrote:

> Hi Folks,
>
> I am needing to renumber some core infrastructure - namely, my nameservers and my resolvers - and I was wondering
> if the collective wisdom still says heck yes keep this stuff all on separate subnets away from each other? Anyone got
> advice either way? Should I try to give sequential numbers to my resolvers for the benefit of consultants ... like
> .11, .22 and .33 for my server IPs?

1) Use different prefixes.  A single prefix going down should not kill your entire network.  (Nameservers and resolvers 
being unreachable breaks the whole Internet as far as users are concerned.)

2) Consider trading secondary NS with another AS.  This is for authorities only, recursive NSes should be on-net only. 

3) Try not to use the first /24 in a large prefix.  See the AS7007 incident for why, although that is probably less likely 
today. 

4) Using easily memorized numbers for at least one authority & one resolver will help your NOC, but should not override 
other considerations. 

That's a start, I'm sure others will have more suggestions. 

-- 
TTFN,
patrick
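
Points 1 and 3 above can be checked mechanically against a numbering plan. The following is an added example, not part of the original message: the function name, the finding labels, and the sample aggregates and addresses are all constructed for illustration, and it assumes "large prefix" means any IPv4 aggregate shorter than /24.

```python
import ipaddress
from collections import defaultdict

# Constructed sample plan (private address space, not from the thread).
SAMPLE_AGGREGATES = ["10.20.0.0/16", "172.16.0.0/20"]
SAMPLE_SERVERS = {
    "ns1":  ("authoritative", "10.20.0.11"),
    "ns2":  ("authoritative", "172.16.5.22"),
    "res1": ("resolver", "10.20.8.11"),
    "res2": ("resolver", "10.20.9.22"),
}

def audit_dns_numbering(aggregates, servers):
    """Return (subject, finding) tuples for a DNS numbering plan.

    aggregates: prefixes the network announces, as strings.
    servers:    {name: (role, ip)}.
    """
    nets = [ipaddress.ip_network(a) for a in aggregates]
    findings = []
    role_prefixes = defaultdict(set)
    for name, (role, ip) in servers.items():
        addr = ipaddress.ip_address(ip)
        matches = [n for n in nets if n.version == addr.version and addr in n]
        if not matches:
            findings.append((name, "uncovered"))
            continue
        # Longest match is the aggregate whose loss takes this server down.
        agg = max(matches, key=lambda n: n.prefixlen)
        role_prefixes[role].add(agg)
        # Point 3: server sits in the first /24 of a larger IPv4 aggregate.
        if addr.version == 4 and agg.prefixlen < 24:
            first24 = ipaddress.ip_network(f"{agg.network_address}/24")
            if addr in first24:
                findings.append((name, "first-/24"))
    # Point 1: every server of a role behind one prefix is a single
    # point of failure (a role with only one server is flagged too).
    for role, prefixes in sorted(role_prefixes.items()):
        if len(prefixes) < 2:
            findings.append((role, "single-prefix"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit_dns_numbering(SAMPLE_AGGREGATES, SAMPLE_SERVERS):
        print(f"{subject}: {finding}")
```

Distinct aggregates can still share fate (same upstream, same site), so a clean result here only rules out the single-prefix case.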


