
Quoting Andrew McGlashan (andrew.mcglashan@affinityvision.com.au):
> On 03/10/18 14:28, Rick Moen via luv-talk wrote:
>> RFC2182 section 5 recommends minimum 3, maximum 7 authoritative nameservers for a domain, so five is pretty good.
> RECOMMEND ....

{sigh} Oh, here we go. Someone just has to justify thin nameservice. Here's the RFC wording:

   The DNS specification and domain name registration rules require at least two servers for every zone. That is, usually, the primary and one secondary. While two, carefully placed, are often sufficient, occasions where two are insufficient are frequent enough that we advise the use of more than two listed servers. Various problems can cause a server to be unavailable for extended periods - during such a period, a zone with only two listed servers is actually running with just one. Since any server may occasionally be unavailable, for all kinds of reasons, this zone is likely, at times, to have no functional servers at all.

   On the other hand, having large numbers of servers adds little benefit, while adding costs. At the simplest, more servers cause packets to be larger, so requiring more bandwidth. This may seem, and realistically is, trivial. However there is a limit to the size of a DNS packet, and causing that limit to be reached has more serious performance implications. It is wise to stay well clear of it. More servers also increase the likelihood that one server will be misconfigured, or malfunction, without being detected.

   It is recommended that three servers be provided for most organisation level zones, with at least one which must be well removed from the others. For zones where even higher reliability is required, four, or even five, servers may be desirable. Two, or occasionally three of five, would be at the local site, with the others not geographically or topologically close to the site, or each other.

   [...]

Matches precisely the lessons of my professional experience, and following those words of wisdom is cheap insurance.

> Minimum is two; I've never seen any problems having just two, with both being on different Internet links at different locations.
I have. Getting by with only two always seems OK until the day it isn't. The 'gosh, I couldn't possibly have anticipated that' scenario typically is _not_ 'two disparate nameservers going down at the same time'. It's more like someone (or your monitoring) calls your attention to the fact that one of them has failed, so now you're down to just one with no redundancy, so you're rummaging for a replacement machine to kickstart and, before Chef can put it into service, some unrelated problem takes the second nameserver down and now all of your domains aren't being served at all except for where they're cached and not past TTL. And you think when you get done with massive firefighting and an embarrassed accounting to the CTO, 'Pity I didn't have three. Maybe those RFC authors were drawing on professional sysadmin experience, or something.'
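Added example, not part of the luv-talk thread: a small check that scores a zone's NS set against the RFC 2182 section 5 guidance quoted above (two is the floor, three to seven is the recommended range, and at least one server should be well removed from the others). The input is a constructed list of (hostname, IPv4) pairs; sharing a /24 is used here as a crude, assumed proxy for "not topologically removed".

```python
from ipaddress import ip_network


def ns_findings(nameservers):
    """Return a list of findings for a list of (hostname, ipv4) tuples.

    Strings prefixed FAIL violate the DNS specification; WARN means the
    set falls outside what RFC 2182 section 5 recommends.
    """
    findings = []
    n = len(nameservers)
    if n < 2:
        findings.append("FAIL: fewer than two servers violates the DNS spec")
    elif n < 3:
        findings.append("WARN: two servers; losing one leaves no redundancy "
                        "(RFC 2182 recommends three)")
    elif n > 7:
        findings.append("WARN: more than seven servers; larger responses for little gain")

    # Diversity proxy (assumption, not from the RFC): if every address sits in
    # one /24, none of the servers is "well removed" from the others.
    prefixes = {ip_network(f"{ip}/24", strict=False) for _, ip in nameservers}
    if n >= 2 and len(prefixes) == 1:
        findings.append(f"WARN: all servers in {next(iter(prefixes))}; "
                        "none is well removed from the others")

    # A hostname or address listed twice is one server counted twice.
    hosts = [host for host, _ in nameservers]
    if len(set(hosts)) != len(hosts):
        findings.append("WARN: duplicate NS hostnames")
    ips = [ip for _, ip in nameservers]
    if len(set(ips)) != len(ips):
        findings.append("FAIL: two NS names resolve to the same address")
    return findings


# Constructed sample NS sets using documentation address ranges.
THIN = [("ns1.example.net", "192.0.2.10"),
        ("ns2.example.net", "192.0.2.11")]
GOOD = [("ns1.example.net", "192.0.2.10"),
        ("ns2.example.net", "198.51.100.20"),
        ("ns3.example.org", "203.0.113.30")]

if __name__ == "__main__":
    for label, ns_set in (("THIN", THIN), ("GOOD", GOOD)):
        print(label, ns_findings(ns_set) or ["OK"])
```

In practice the pairs would come from `dig NS <zone>` followed by an address lookup for each name; the function itself never touches the network.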