On Saturday 07 Jan 2006 02:54, you wrote:
While it's tempting to make fun of Qwest here, variations on this theme -
I'll happily make fun of them. If the authoritative DNS servers were in the same logical network, even if one was in Washington and one in California, they'd deserve it. I used to do basic network audits for end-user companies (and one small ISP who bought the service), and this was a standard checklist item: literally, "are the authoritative name servers on different logical networks?" GX Networks did it. Demon Internet did it. We do it for our own hosting despite being a relatively small company, and I'm sure most of the NANOG readership are careful to do this.

I think the comments on anycast are misplaced. Most big ISPs use it, or similar, for internal recursive resolvers, but I don't think it is that crucial for authoritative servers. Of course, placing all your authoritative nameservers in the same anycast group is one of the things I've complained about here before (not mentioning any TLD by name since they seem to have learnt from that one), so of itself anycast doesn't avoid the issue. You can make the same mistake in many different systems.

There is also some scope for longer TTLs at Qwest, although I can't throw any stones as we have been busy migrating stuff to new addresses and using very short TTLs ourselves at the moment. But we'll be back to 86400 seconds just as soon as I finish the migration work.

I do agree the management issues with DNS are far harder, and here longer TTLs are a double-edged sword. But it is hard to design a system where the mistakes don't propagate to every DNS server, although some of the common tools do make it easier to check things are okay before updates are unleashed. I think there is scope for saying the DNS TTLs should be related to (and greater than) the time it takes to get clue onto any DNS problem.
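The checklist item above ("are the authoritative name servers on different logical networks?") can be scripted. The following is an added example, not code from the poster or from any of the ISPs named; the NS-to-address mapping is constructed from documentation address ranges, and the /24 and /48 prefix lengths are an audit assumption standing in for "same routed block", to be tuned to the sizes actually announced. It flags any network whose loss alone would take every authoritative server off the air, which is exactly the shared-fate mistake the post describes.

```python
"""Audit an authoritative name-server set for shared-fate risk.

Added example: the NS -> address mapping below is constructed (hypothetical
hostnames, RFC 5737 / RFC 3849 documentation addresses). In practice feed it
the A/AAAA records of the zone's NS hosts.
"""
import ipaddress
from collections import defaultdict

# Constructed sample data, not a real zone.
SAMPLE_NS = {
    "ns1.example.net": ["192.0.2.10"],
    "ns2.example.net": ["192.0.2.11"],
    "ns3.example.net": ["198.51.100.5", "2001:db8:1::5"],
}


def host_networks(addresses, v4_prefix=24, v6_prefix=48):
    """Map a host's addresses to the 'logical networks' they sit in.

    The prefix lengths are an assumption used as a proxy for "same routed
    block"; adjust them to match what the providers actually announce.
    """
    nets = set()
    for a in addresses:
        ip = ipaddress.ip_address(a)
        plen = v4_prefix if ip.version == 4 else v6_prefix
        nets.add(ipaddress.ip_network(f"{ip}/{plen}", strict=False))
    return nets


def audit_ns_diversity(ns_map, v4_prefix=24, v6_prefix=48):
    """Return (ok, single_points).

    single_points lists networks (as strings) whose failure alone leaves no
    authoritative server reachable. ok is True only when there are at least
    two servers and no such network exists. A host with addresses in more
    than one network survives the loss of any one of them.
    """
    if len(ns_map) < 2:
        # One server is a single point of failure regardless of addressing.
        return False, []
    nets_by_host = {}
    for host, addrs in ns_map.items():
        nets = host_networks(addrs, v4_prefix, v6_prefix)
        if not nets:
            raise ValueError(f"{host} has no addresses to audit")
        nets_by_host[host] = nets
    # killed_by[N] = hosts whose every address sits in N, i.e. the hosts that
    # go dark when N alone is lost.
    killed_by = defaultdict(set)
    for host, nets in nets_by_host.items():
        if len(nets) == 1:
            (only,) = nets
            killed_by[only].add(host)
    all_hosts = set(nets_by_host)
    single_points = sorted(
        str(net) for net, hosts in killed_by.items() if hosts == all_hosts
    )
    return not single_points, single_points


if __name__ == "__main__":
    ok, spof = audit_ns_diversity(SAMPLE_NS)
    print("diverse" if ok else f"shared fate via {spof}")
    # Same two servers in one /24: the classic mistake.
    print(audit_ns_diversity({"a": ["192.0.2.1"], "b": ["192.0.2.2"]}))
```

Run it against a real zone by replacing SAMPLE_NS with the resolved addresses of the zone's NS records; the prefix-length arguments let you rerun the same check at a coarser granularity (say /16) when two "different" blocks are really one provider's aggregate.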