domains “0.35% of name servers are responsible for 90% of all domain names”

[equity78]

Chris Duckett published an interesting article over at ZDNet on just how few name servers are responsible for the majority of domain names. The article illustrates the potential problems for outages as many opt for a convenient cloud based solution vs your own server. Sans Institute dean of research Johannes Ullrich looked into how many of the world's 2.7 million authoritative name servers it … [Read more...]

 

[tonyk2000]

Zdnet... The author(s) of this article are not tech savvy enough. They are discussing the things without a full picture, and are missing a lot. But, we are the pros here Proper setup of a mission-critical dns is not obvious. To begin with, one should understand what are Anycast DNS, dnssec and secondary dns:

https://en.wikipedia.org/wiki/Anycast

https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions

https://dnsmadeeasy.com/services/secondarydns/

The following extra info may be helpful:

https://www.amazon.com/Managing-Mission-Critical-Demystifying-nameservers-ebook/dp/B07F71QMFM/

https://www.godaddy.com/hosting/premium-dns

https://easydns.com/blog/2020/07/20...-a-single-point-of-failure-called-cloudflare/

https://easydns.com/blog/2012/09/18/secondary-dns-from-godaddy-things-to-know/

 

[jmcc]

Zdnet... The author(s) of this article are not tech savvy enough.

It is a fairly complex field and it requires a level of knowledge beyond that of the typical technology journalist. With .COM, approximately 0.83% of hosting firms host 92.37% of .COM domain names. Duckett seems to conflate what Ulrich was describing (DNS topology and concentration) with the Cloudflare outage. There is also the phenomenon of one hit wonders where a set of namesevers will be handling one domain (its own). That's something that arose with nameservers that are auto-generated by control panels.

They are discussing the things without a full picture, and are missing a lot.

There is massive outsourcing of DNS as a service and many of the large operations such as Wix.com and others don't handle DNS for many of their own customers.

Regards...jmcc

 

[RogueWriter]

Thanks for the post, interesting.

 

[Mytz.com]

Thanks for sharing

 

[tonyk2000]

Right now (Sunday Aug 30th) we have a live example of why proper DNS setup is important.
In light of
https://www.namepros.com/threads/is...rt-by-phone-or-chat-for-over-an-hour.1206145/
and
https://www.namepros.com/threads/no-more-handreg-domains.1206142/

the following words of wisdom come to play:

Dual DNS Providers
When you use more than one provider, you actually double the number of nameserver sets authoritative for your domains. If one of the providers were to be unavailable, resolving nameservers would only send query traffic to the available nameserver set. All of this happens automatically with no appreciable effects to end users.

Benefits of Secondary DNS
Secondary DNS can actually improve page load times. Resolving nameservers will start to prefer the provider that responds the fastest.

That means queries will more often be served to the better performing provider and over time improve resolution times. Think of all the parts of your business that have redundancies. Secondary DNS is simply a safeguard that all Internet-dependant businesses should use.

(source: https://dnsmadeeasy.com/services/secondarydns/ )

Shortly, with a proper setup of critical dns infrastructure (including anycast dns if available), as well as using 2 or more independent e-mail providers (or 2 or more independent internet connections if the things are hosted in-house), a critical domain will likely still receive e-mails in case of outages like the one of today.

As for critical website global accessibility, it is another issue, which by itself is not 100% or directly connected with dns resolution, so I would not complicate this thread for now Just a short observation - at least some problematic websites are actually UP and accessible now, but their DNS servers are not accessible for some visitors. So we cannot reach these websites, because they did not set their DNS with resiliency and reliability ...

 

[ecomslice]

I trust Tony.