- Impact
- 48,109
DNS Nameservers: Service Platforms and Resilience
By Geoff Huston, February 2025
Last year, in December, I looked at the behaviour of DNS recursive resolvers from the perspective of optimising performance and resilience of name resolution. When given a choice of nameservers to use to query for a particular name within a domain will the resolver try to make an “optimal” choice? Will it gravitate towards using the nameserver that is the fastest to answer its queries? Or will it show no such efforts to optimise name resolution performance? The study looked at the behaviour of DNS recursive resolvers and used a large-scale measurement exercise to conclude that these days you just can’t rely on the recursive resolver’s server selection algorithm to make an optimal selection. Now if a zone is being served by a set of unicast authoritative nameservers this is a significant concern. Why go to all the trouble and expense to set up secondary nameservers across the entire Internet if recursive resolvers will just pick any server to query?
If name resolution performance and resilience is an important consideration, then the DNS service operator needs to look to an anycast nameserver solution, preferably with a highly diverse collection of points of presence within the anycast constellation. The study also suggested that the optimal approach for a domain when considering both performance and operational resilience is for the domain to be served by at least two distinct dual-stack diverse (and dense) anycast nameservers, but once you are using two such anycast platforms the additional benefits of adding more anycast service platforms to the mix is marginal.
Given these considerations, how do we provision DNS nameservers today? Are we still using dispersed unicast nameservers? Or are nameservers provisioned using multiple anycast platforms? Let’s look at a two quite different collections of domain names and see how they are served.
Read more:
https://www.potaroo.net/ispcol/2025-02/nameservers.html
By Geoff Huston, February 2025
Last year, in December, I looked at the behaviour of DNS recursive resolvers from the perspective of optimising performance and resilience of name resolution. When given a choice of nameservers to use to query for a particular name within a domain will the resolver try to make an “optimal” choice? Will it gravitate towards using the nameserver that is the fastest to answer its queries? Or will it show no such efforts to optimise name resolution performance? The study looked at the behaviour of DNS recursive resolvers and used a large-scale measurement exercise to conclude that these days you just can’t rely on the recursive resolver’s server selection algorithm to make an optimal selection. Now if a zone is being served by a set of unicast authoritative nameservers this is a significant concern. Why go to all the trouble and expense to set up secondary nameservers across the entire Internet if recursive resolvers will just pick any server to query?
If name resolution performance and resilience is an important consideration, then the DNS service operator needs to look to an anycast nameserver solution, preferably with a highly diverse collection of points of presence within the anycast constellation. The study also suggested that the optimal approach for a domain when considering both performance and operational resilience is for the domain to be served by at least two distinct dual-stack diverse (and dense) anycast nameservers, but once you are using two such anycast platforms the additional benefits of adding more anycast service platforms to the mix is marginal.
Given these considerations, how do we provision DNS nameservers today? Are we still using dispersed unicast nameservers? Or are nameservers provisioned using multiple anycast platforms? Let’s look at a two quite different collections of domain names and see how they are served.
Read more:
https://www.potaroo.net/ispcol/2025-02/nameservers.html
Last edited:
