
Re: [cobalt-users] DNS woes



"Gerald Waugh" <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> You can get by with another IP address on your server, and using that for
> ns2. Most registrars require two nameservers, and in most cases must be
> reachable.
>
> Although ns2 should really be on a different network, and a
> different geographical location

To elaborate on what Gerald said, you should have at least one name server
on a different physical network.  There are many reasons why, but in short
as long as at least one authoritative name server is reachable, services
will be able to query the name server for the resource record (DNS record),
will then try to connect to the IP pointed to by the hostname in the RR and
if that hostname is unreachable they'll consider it *temporarily*
unreachable.  If none of your authoritative name servers are reachable the
service may assume that the hostname either really doesn't exist or is
permanently unreachable.  The result is that email can go undelivered,
search engines may drop sites on your server from their indexes and web
pages will be reported as non-existent.  If you are "tricking" the world
into thinking you have 2 name servers by putting them on the same machine,
you're not gaining the redundancy of a second name server (never mind that
since it's at the same geographic location on the same connection you're
susceptible to more failure points) and in the event of a failure other name
servers will do 2 lookups of the same unreachable box.  Like a good
backup/recovery plan and security implementation, having redundant name
servers at geographically disparate locations is a very, very good idea (and
relatively inexpensive) and though you can get away without doing it the
right way, failure to have it (or backup/recovery and security) has a way
to come back and bite you and cost more in the long run.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
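
An added example, not part of the original message: a Python check for the setup discussed above, where two NS names end up on the same machine or the same network. The hostnames and addresses are constructed, and treating a shared IPv4 /24 (or IPv6 /48) as "same network" is an assumption of this example, since a shared prefix is only a rough proxy for a shared connection or location.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: NS hostname -> addresses, as a resolver would return them.
# Addresses come from the RFC 5737 documentation ranges.
SAME_BOX = {
    "ns1.example.com": ["192.0.2.10"],
    "ns2.example.com": ["192.0.2.11"],  # second IP bound to the same server
}
DIVERSE = {
    "ns1.example.com": ["192.0.2.10"],
    "ns2.example.net": ["198.51.100.53"],
}

def network_of(addr, v4_prefix=24, v6_prefix=48):
    """Enclosing network, used as a rough proxy for 'same physical network'."""
    ip = ipaddress.ip_address(addr)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def audit_nameservers(ns_map):
    """Return findings for a delegation that lacks real name server redundancy."""
    findings = []
    by_addr = defaultdict(set)  # address -> NS names that resolve to it
    by_net = defaultdict(set)   # network -> NS names inside it
    for host, addrs in ns_map.items():
        for addr in addrs:
            by_addr[ipaddress.ip_address(addr)].add(host)
            by_net[network_of(addr)].add(host)
    if len(ns_map) < 2:
        findings.append("fewer than two name servers listed")
    for addr, hosts in by_addr.items():
        if len(hosts) > 1:
            findings.append(f"{sorted(hosts)} share address {addr}")
    if len(ns_map) >= 2 and len(by_net) == 1:
        net = next(iter(by_net))
        findings.append(f"all name servers sit in {net}: single point of failure")
    return findings

if __name__ == "__main__":
    for label, ns_map in (("same box", SAME_BOX), ("diverse", DIVERSE)):
        print(label, audit_nameservers(ns_map) or "ok")
```

In practice the map would be filled from the NS and A/AAAA answers for the zone; an empty result only means the addresses differ by prefix, not that the servers are on separate connections.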