[DNSOP] Siting name servers
"Paul Hoffman" <paul.hoffman@vpnc.org> Mon, 08 February 2016 15:10 UTC
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: Jakob Schlyter <jakob@kirei.se>
Date: Mon, 08 Feb 2016 07:10:26 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/NUMaLn-mGV2EIYceZVCKdIIlIzw>
Cc: dnsop <dnsop@ietf.org>

On 8 Feb 2016, at 4:07, Jakob Schlyter wrote:

>> 6.2 The name servers SHOULD NOT belong to the same AS
>> I would drop that requirement altogether or make it a MAY. We really
>> should not tell people how to build networks from the DNS world.
>
> I would agree, but on the other hand it's apparent that a lot still
> make really bad choices, such as putting all of their authoritative
> name servers on a single LAN or site. There are exceptions for the
> "belong to same AS", can we perhaps try to state those?

In the spirit of RFC 2119 (if you haven't read it recently, please do so: it's short), a SHOULD is most appropriate if you talk about the exceptions. Saying "you SHOULD NOT have all the nameservers in the same AS unless you are willing to risk no one being able to access your DNS records if there is a routing issue with that AS" is an appropriate use of "SHOULD".

--Paul Hoffman