It appears that a network problem of some sort has knocked Paraguay's top level domain off the air. Not surprising when you look at the output for: whois py-dom and see this: NS.CNC.UNA.PY 200.10.228.132 SCE.CNC.UNA.PY 200.10.228.133 If anyone on this list is prepared to make a serious offer of secondary DNS for this country, then please email the admin contact gbellas@UCA.EDU.PY and the technical contact hmereles@CNC.UNA.PY. Of course, neither address will work until they get back on the air... -- Michael Dillon - E-mail: michael@memra.com Check the website for my Internet World articles - http://www.memra.com
Anyone in a situation like this, I'm willing to do secondaries for these sorts of domains, and plan to build a secondary-dns-server engine that people would be able to send templates to, etc.. IMHO, the internic should not allow any domains to have pri+sec nameserver in the same /24 - Jared On Sun, Mar 07, 1999 at 11:03:02AM -0800, Michael Dillon wrote:
It appears that a network problem of some sort has knocked Paraguay's top level domain off the air. Not surprising when you look at the output for:
whois py-dom
and see this:
NS.CNC.UNA.PY 200.10.228.132 SCE.CNC.UNA.PY 200.10.228.133
If anyone on this list is prepared to make a serious offer of secondary DNS for this country, then please email the admin contact gbellas@UCA.EDU.PY and the technical contact hmereles@CNC.UNA.PY. Of course, neither address will work until they get back on the air...
-- Michael Dillon - E-mail: michael@memra.com Check the website for my Internet World articles - http://www.memra.com
-- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
IMHO, the internic should not allow any domains to have pri+sec nameserver in the same /24
Strictly speaking, you can't assume that "in the same /24" translates to "share the same exit gateway." They *could* be /32s routed around inside the interior of some provider with enough exit gateways and such to keep them reachable in the event of failure. The assumption would appear to be valid here, sadly. :-(
IMHO, the internic should not allow any domains to have pri+sec nameserver in the same /24
Why not? I know several people who stick them all in /30s as they are so difficult to move. All bar one (which is in a different originated AS) of ours are in the same /24 (different /30s, and different continents in some cases). -- Alex Bligh GX Networks (formerly Xara Networks)
On Mon, Mar 08, 1999 at 11:51:50AM +0000, Alex Bligh wrote:
IMHO, the internic should not allow any domains to have pri+sec nameserver in the same /24
Why not? I know several people who stick them all in /30s as they are so difficult to move. All bar one (which is in a different originated AS) of ours are in the same /24 (different /30s, and different continents in some cases).
Most "real" providers have diverse nameservers. For them, this is not a problem, but for the other 99% of domains that are delegated, they have their nameservers on the same ethernet segment. Domain Name: MONICALEWINSKI.COM Domain servers in listed order: ZORK.TIAC.NET 199.0.65.2 SUNDOG.TIAC.NET 199.0.65.9 This means once your /24 drops from routing, you have no primary nor secondary nameservice. This is meant only as an example, but to make my point. Because the delegation authorities can do an easy check to see if the ips are in the same /24, this could prevent a number of real outages, such as a TLD being OOS, but also help fix all the little guys who don't understand the idea of geographicaly diverse nameservers. - jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
On Mon, 8 Mar 1999, Jared Mauch wrote:
Most "real" providers have diverse nameservers. For them, this is not a problem, but for the other 99% of domains that are delegated, they have their nameservers on the same ethernet segment.
Domain Name: MONICALEWINSKI.COM
Domain servers in listed order:
ZORK.TIAC.NET 199.0.65.2 SUNDOG.TIAC.NET 199.0.65.9
This means once your /24 drops from routing, you have no primary nor secondary nameservice.
Whelp I used to work for that company - and I know that 199.0.65.0/24 is on a FDDI ring shared by 2 7507's and all common services are on that ring - each 7507 has a HSSI with a DS3 to different exchanges to UUNET - so you're right if UUNET goes down then it is dead - I know the 2 DS3's terminate diferently but they will be down if UUNET is... -- I am nothing if not net-Q! - ras@poppa.thick.net
Whelp I used to work for that company - and I know that 199.0.65.0/24 is on a FDDI ring shared by 2 7507's and all common services are on that ring - each 7507 has a HSSI with a DS3 to different exchanges to UUNET - so you're right if UUNET goes down then it is dead - I know the 2 DS3's terminate diferently but they will be down if UUNET is...
wow! you did not cheat and read rfc 2182, did you? randy
Most "real" providers have diverse nameservers. For them,
Correct. But diverse announcements are neither a necessary nor sufficient condition for diverse namespace. And given you can't (in Europe anyway) get diverse announcements from day one, and you said...
IMHO, the internic should not allow any domains to have pri+sec nameserver in the same /24
...your proposal would exclude people with valid subnetting plans but no diverse announcements who wish to register new Internic names. Given Internic's current situation with lame delegation, I think this is the least of their problems. If you wanted to fix this correctly, you could find the penultimate hop to each nameserver, and check they were different. This would seem to be closer to what you are intending to achieve. -- Alex Bligh GX Networks (formerly Xara Networks)
If I wanted to put my nameservers on the same network but route to them through VPNs, tunnels, or whatevers*, it would be up to me to ensure their reachability. First, let's not give InterNIC more power -- they already abuse that which they have. Second, let's not confuse DNS (and DNS stewards) with routing, and addressing. The latter two are operational, NANOG issues, and important. The former, well, let's just call it a sad case of session layer taking down a country ;-) Ehud *whatevers -- whatever your vendor calls your solution to whatever
Most "real" providers have diverse nameservers. For them,
Correct. But diverse announcements are neither a necessary nor sufficient condition for diverse namespace. And given you can't (in Europe anyway) get diverse announcements from day one, and you said...
IMHO, the internic should not allow any domains to have pri+sec nameserver in the same /24
...your proposal would exclude people with valid subnetting plans but no diverse announcements who wish to register new Internic names. Given Internic's current situation with lame delegation, I think this is the least of their problems.
If you wanted to fix this correctly, you could find the penultimate hop to each nameserver, and check they were different. This would seem to be closer to what you are intending to achieve.
-- Alex Bligh GX Networks (formerly Xara Networks)
Anyone in a situation like this, I'm willing to do secondaries for these sorts of domains, and plan to build a secondary-dns-server engine that people would be able to send templates to, etc..
Same here; nac.net would be willing to host any secondary DNS for anyone, specifically TLDs or foreign folks. Foreign to the US, that is :-)
IMHO, the internic should not allow any domains to have pri+sec nameserver in the same /24
Amen, except it can be misleading. NS1.NAC.NET 207.99.0.1 NS2.NAC.NET 207.99.0.2 NS6.NAC.NET 209.123.20.243 Whilst 207.99.0.1 and .2 are on the same /24 (obviously), 207.99.0/24 is subnetted to 256 /32's, and routed to the machines. Why? So, when a machine/name-server moves within our network, it doesn't have to be renumbered. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Atheism is a non-prophet organization. I route, therefore I am. Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member Father of the Network and Head Bottle-Washer Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834 Don't choose a spineless ISP; we have more backbone! http://www.nac.net -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
On Mon, Mar 08, 1999 at 09:20:24AM -0500, alex@nac.net wrote:
Anyone in a situation like this, I'm willing to do secondaries for these sorts of domains, and plan to build a secondary-dns-server engine that people would be able to send templates to, etc..
Same here; nac.net would be willing to host any secondary DNS for anyone, specifically TLDs or foreign folks. Foreign to the US, that is :-)
IMHO, the internic should not allow any domains to have pri+sec nameserver in the same /24
Amen, except it can be misleading.
NS1.NAC.NET 207.99.0.1 NS2.NAC.NET 207.99.0.2 NS6.NAC.NET 209.123.20.243
Whilst 207.99.0.1 and .2 are on the same /24 (obviously), 207.99.0/24 is subnetted to 256 /32's, and routed to the machines. Why? So, when a machine/name-server moves within our network, it doesn't have to be renumbered.
My point is that you're doing it correctly. If you lose one of your aggregate blocks, it's not going to cause a problem. Like for example, if someone else started to announce your /24 or a /19 with your dns servers in it. You also distribute nameservers geographically, so if you lose power in a location, you don't die. - jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
participants (8)
-
Alex Bligh -
alex@nac.net -
Ehud Gavron -
Jared Mauch -
Michael Dillon -
Randy Bush -
Rich Sena -
Stephen Stuart