Are homogenic nameserver names a single point of failure?

  • Amazon Cloudfront spreads domains used for nameservers quite a lot:
cloudfront.net. 172800 IN NS ns-666.awsdns-19.net.
cloudfront.net. 172800 IN NS ns-418.awsdns-52.com.
cloudfront.net. 172800 IN NS ns-1597.awsdns-07.co.uk.
cloudfront.net. 172800 IN NS ns-1306.awsdns-35.org.
$ kdig IN AAAA example.udp53.cz.
$ kdig AAAA example.udp53.cz. @2001:503:ba3e::2:30
;; AUTHORITY SECTION:
cz. 172800 IN NS a.ns.nic.cz.
[...]
;; ADDITIONAL SECTION:
a.ns.nic.cz. 172800 IN A 194.0.12.1
a.ns.nic.cz. 172800 IN AAAA 2001:678:f::1
[...]
$ kdig AAAA example.udp53.cz. @2001:678:f::1
;; AUTHORITY SECTION:
udp53.cz. 3600 IN NS trubka.network.cz.
udp53.cz. 3600 IN NS master.dns.rocks.
;; ADDITIONAL SECTION:
trubka.network.cz. 3600 IN A 81.91.84.116
trubka.network.cz. 3600 IN AAAA 2001:1568:b:145::1
trubka.network.cz. 3600 IN AAAA 2001:1568:b::145
[...]
$ kdig AAAA master.dns.rocks. @2001:503:ba3e::2:30
;; AUTHORITY SECTION:
rocks. 172800 IN NS demand.beta.aridns.net.au.
rocks. 172800 IN NS demand.alpha.aridns.net.au.
rocks. 172800 IN NS demand.delta.aridns.net.au.
rocks. 172800 IN NS demand.gamma.aridns.net.au.
;; ADDITIONAL SECTION:
demand.alpha.aridns.net.au. 172800 IN A 37.209.192.7
[...]
$ kdig AAAA demand.alpha.aridns.net.au. @2001:503:ba3e::2:30
;; AUTHORITY SECTION:
au. 172800 IN NS a.au.
[...]
;; ADDITIONAL SECTION:
a.au. 172800 IN A 58.65.254.73
a.au. 172800 IN AAAA 2407:6e00:254:306::73
[...]
$ kdig AAAA demand.alpha.aridns.net.au. @2407:6e00:254:306::73
;; AUTHORITY SECTION:
net.au. 86400 IN NS x.au.
[...]
;; ADDITIONAL SECTION:
x.au. 86400 IN A 37.209.194.5
x.au. 86400 IN AAAA 2001:dcd:2::5
[...]
$ kdig AAAA demand.alpha.aridns.net.au. @2001:dcd:4::5
;; AUTHORITY SECTION:
aridns.net.au. 14400 IN NS ari.alpha.aridns.net.au.
[...]
;; ADDITIONAL SECTION:
ari.alpha.aridns.net.au. 14400 IN AAAA 2001:dcd:1::2
ari.alpha.aridns.net.au. 14400 IN A 37.209.192.2
[...]
$ kdig IN AAAA demand.alpha.aridns.net.au. @2001:dcd:1::2
;; ANSWER SECTION:
demand.alpha.aridns.net.au. 172800 IN AAAA 2001:dcd:1::7
$ kdig IN AAAA master.dns.rocks. @2001:dcd:1::7
;; AUTHORITY SECTION:
dns.rocks. 86400 IN NS trubka.network.cz.
dns.rocks. 86400 IN NS master.dns.rocks.
;; ADDITIONAL SECTION:
master.dns.rocks. 86400 IN AAAA 2a01:5f0:c001:113:a::10
master.dns.rocks. 86400 IN A 89.187.130.10
$ kdig AAAA example.udp53.cz. @2a01:5f0:c001:113:a::10
;; ANSWER SECTION:
example.udp53.cz. 60 IN CNAME example.udp53.cz.s3-website-us-east-1.amazonaws.com.
$ kdig AAAA example.udp53.cz.s3-website-us-east-1.amazonaws.com. @2001:503:ba3e::2:30
;; AUTHORITY SECTION:
com. 172800 IN NS a.gtld-servers.net.
[...]
$ kdig AAAA example.udp53.cz.s3-website-us-east-1.amazonaws.com. @2001:503:a83e::2:30
;; AUTHORITY SECTION:
amazonaws.com. 172800 IN NS u1.amazonaws.com.
amazonaws.com. 172800 IN NS u2.amazonaws.com.
amazonaws.com. 172800 IN NS r1.amazonaws.com.
amazonaws.com. 172800 IN NS r2.amazonaws.com.
;; ADDITIONAL SECTION:
u1.amazonaws.com. 172800 IN A 156.154.64.10
u2.amazonaws.com. 172800 IN A 156.154.65.10
r1.amazonaws.com. 172800 IN A 205.251.192.27
r2.amazonaws.com. 172800 IN A 205.251.195.199
$ kdig AAAA example.udp53.cz.s3-website-us-east-1.amazonaws.com. @156.154.64.10
;; AUTHORITY SECTION:
s3-website-us-east-1.amazonaws.com. 1800 IN NS ns-1133.awsdns-13.org.
s3-website-us-east-1.amazonaws.com. 1800 IN NS ns-1919.awsdns-47.co.uk.
s3-website-us-east-1.amazonaws.com. 1800 IN NS ns-490.awsdns-61.com.
s3-website-us-east-1.amazonaws.com. 1800 IN NS ns-661.awsdns-18.net.
$ kdig AAAA ns-1919.awsdns-47.co.uk. @2001:503:ba3e::2:30
;; AUTHORITY SECTION:
uk. 172800 IN NS nsa.nic.uk.
;; ADDITIONAL SECTION:
nsa.nic.uk. 172800 IN A 156.154.100.3
nsa.nic.uk. 172800 IN AAAA 2001:502:ad09::3
$ kdig AAAA ns-1919.awsdns-47.co.uk. @2001:502:ad09::3
;; AUTHORITY SECTION:
awsdns-47.co.uk. 172800 IN NS g-ns-367.awsdns-47.co.uk.
[...]
;; ADDITIONAL SECTION:
g-ns-367.awsdns-47.co.uk. 172800 IN AAAA 2600:9000:5301:6f00::1
g-ns-367.awsdns-47.co.uk. 172800 IN A 205.251.193.111
$ kdig IN AAAA ns-1919.awsdns-47.co.uk. @2600:9000:5301:6f00::1
;; ANSWER SECTION:
ns-1919.awsdns-47.co.uk. 172800 IN AAAA 2600:9000:5307:7f00::1
$ kdig AAAA example.udp53.cz.s3-website-us-east-1.amazonaws.com. @2600:9000:5307:7f00::1
;; ANSWER SECTION:
example.udp53.cz.s3-website-us-east-1.amazonaws.com. 60 IN CNAME s3-website-us-east-1.amazonaws.com.
$ kdig AAAA ns-661.awsdns-18.net. @2001:503:ba3e::2:30
;; AUTHORITY SECTION:
net. 172800 IN NS a.gtld-servers.net.
[...]
$ kdig AAAA ns-661.awsdns-18.net. @2001:503:a83e::2:30
;; AUTHORITY SECTION:
awsdns-18.net. 172800 IN NS g-ns-467.awsdns-18.net.
[...]
$ kdig AAAA ns-661.awsdns-18.net. @2600:9000:5301:d300::1
;; ANSWER SECTION:
ns-661.awsdns-18.net. 172800 IN AAAA 2600:9000:5302:9500::1
$ kdig AAAA s3-website-us-east-1.amazonaws.com. @2600:9000:5302:9500::1
;; AUTHORITY SECTION:
s3-website-us-east-1.amazonaws.com. 900 IN SOA ns-1919.awsdns-47.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
$ kdig +norec IN A s3-website-us-east-1.amazonaws.com. @2600:9000:5302:9500::1
;; ANSWER SECTION:
s3-website-us-east-1.amazonaws.com. 5 IN A 52.216.17.18
$ kdig AAAA www.nic.cz @2001:503:ba3e::2:30
;; AUTHORITY SECTION:
cz. 172800 IN NS a.ns.nic.cz.
cz. 172800 IN NS b.ns.nic.cz.
cz. 172800 IN NS c.ns.nic.cz.
cz. 172800 IN NS d.ns.nic.cz.
;; ADDITIONAL SECTION:
a.ns.nic.cz. 172800 IN A 194.0.12.1
b.ns.nic.cz. 172800 IN A 194.0.13.1
c.ns.nic.cz. 172800 IN A 194.0.14.1
d.ns.nic.cz. 172800 IN A 193.29.206.1
a.ns.nic.cz. 172800 IN AAAA 2001:678:f::1
b.ns.nic.cz. 172800 IN AAAA 2001:678:10::1
c.ns.nic.cz. 172800 IN AAAA 2001:678:11::1
d.ns.nic.cz. 172800 IN AAAA 2001:678:1::1
$ kdig AAAA www.nic.cz @2001:678:f::1
;; QUESTION SECTION:
;; www.nic.cz. IN AAAA
;; ANSWER SECTION:
www.nic.cz. 1800 IN AAAA 2001:1488:0:3::2

--

--

--

Fellow at CZ.NIC

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Infrastructure as a Code using Terraform: Deploy WordPress on Public Subnet and MySQL on Private…

A Guide for User Acceptance Testing

How to create your own OS #8

Tales of a #SurfaceGopher — How I take notes as I code

Setup CI / CD with GitLab

What is “Agile” and is it right for my organization?

Learning for Microsoft Azure Fundamentals (1) Load Balancers Notes

New In: No-code cloud management workflows for Azure, VMware & Private Cloud (in addition to AWS)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ondřej Surý

Ondřej Surý

Fellow at CZ.NIC

More from Medium

aws_elastic_lb & aws_elastic_ip

Save Your Time With AMI Cleanup Pipeline

DevSecOps- What?, Why? & How?

AWS — Configure a lambda function inside a VPC with internet access