If your NS are in 2 separate entities, you could still resolve your MX/A/AAAA/NS. Look how Amazon is doing it. dig +short amazon.com NS ns4.p31.dynect.net. ns3.p31.dynect.net. ns1.p31.dynect.net. ns2.p31.dynect.net. pdns6.ultradns.co.uk. pdns1.ultradns.net. They use dyn DNS from Oracle and ultradns. 2 very strong network of anycast DNS servers. Amazon would have not been impacted like Facebook yesterday. Unless ultradns and Oracle have their DNS servers hosted in Amazon infra? I doubt that Oracle has dns hosted in Amazon, but it's possible. Probably the management overhead to use 2 different entities for DNS is not financially viable? Jean -----Original Message----- From: NANOG <nanog-bounces+jean=ddostest.me@nanog.org> On Behalf Of Mark Tinka Sent: October 5, 2021 8:22 AM To: nanog@nanog.org Subject: Re: Facebook post-mortems... On 10/5/21 14:08, Jean St-Laurent via NANOG wrote:
Maybe withdrawing those routes to their NS could have been mitigated by having NS in separate entities.
Well, doesn't really matter if you can resolve the A/AAAA/MX records, but you can't connect to the network that is hosting the services. At any rate, having 3rd party DNS hosting for your domain is always a good thing to have. But in reality, it only hits the spot if the service is also available on a 3rd party network, otherwise, you keep DNS up, but get no service. Mark.