nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: DNS pulling BGP routes?

From: Jean St-Laurent via NANOG <nanog () nanog org>
Date: Thu, 7 Oct 2021 13:02:58 -0400
Well said Bill. 

I agree with you about having all your tech/adm records + registrar on the same NS... especially for your OOB domain. 

Probably what killed them. They lost access to their fb-00b-net-mgmt.io cool dns name network. It just went from bad to 
worst when they realized that they also lost physical access to the building.

We all learned a lot and we're still learning.
Jean

-----Original Message-----
From: Bill Woodcock <woody () pch net> 
Sent: October 7, 2021 12:45 PM
To: Jean St-Laurent <jean () ddostest me>
Cc: Masataka Ohta <mohta () necom830 hpcl titech ac jp>; Bjørn Mork <bjorn () mork no>; nanog () nanog org
Subject: Re: DNS pulling BGP routes?


This was superstition, brought forward from 1992 by the folks who were yelling “damned kids get offa my lawn” at the 
time.

There’s no reason to include a unicast address in an NS set in the 21st century, and plenty of reasons not to (since 
it’ll be very difficult to load-balance with the rest of the servers).

But one should NEVER NEVER depend on a single administrative or technical authority for all your NS records.  That’s 
what shot Facebook in the foot, they were trying to do it all themselves, so when they shot themselves in the foot, 
they only had the one foot, and nothing left to stand on.  Whereas other folks shoot themselves in the foot all the 
time, and nobody notices, because they paid attention to the spirit of RFC 2182.

                                -Bill
Previous By Date Next
Previous By Thread Next

Current thread: