Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
The most rudimentary rule for the continued functioning of an Internet site is that there should always be distinct primary and secondary DNS servers supporting the domain.
Production domains should have the minimum two name servers located in different locations. The answer to the common question “Can I use multihosting to get the two name servers I require for my domain?” is a resounding “NO.” The two-server rule (which is implemented with varying degrees of thoroughness by different domain registrars) ensures that there are at least two discrete sources for DNS data.
I have seen organizations circumvent their domain registrar’s safety checks by using two DNS names that resolved to the same address. In one such case, a single cable fault isolated the organization’s one real DNS server from the Internet. The result was a multihour outage of the WWW servers, hosted at a service provider, whose DNS names were resolved by the now-unreachable DNS server. Switching to a different DNS server requires a change to the data loaded in the root name servers, which are updated on a less frequent basis, typically several hours (not including the propagation delay between an update made at a zone’s registrar and the root servers, which depends upon the day of the week and the registrar). Therefore the disappearance of the DNS service was not correctable in a timely manner, and the Web site remained down until the cable fault was repaired.
Production DNS servers should be geographically dispersed. A pair of workstations located next to each other and plugged into the same power strip is a fool’s dispersion; all but the most trivial incidents will render both servers unavailable. Achieving geographic diversity is neither difficult nor expensive. It does not require resorting to a DNS server provided by a separate hosting service or by an ISP (although a hosting- or ISP-provided DNS server is certainly a possible alternative). A field office or sister organization can easily provide the few cubic feet and kilobytes per hour - yes, per hour - required to domicile an alternate DNS server. The system can be managed remotely. Reciprocal arrangements between organizations (I will host a secondary on my name server if you host my secondary on yours) are even simpler. Providing a separate DSL circuit for the use of the alternate DNS server is much cheaper to an enterprise than losing its name-resolution services (i.e., effectively having one’s entire domain disconnected from the Internet).
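The two rules above (at least two name servers, resolving to distinct addresses, placed on distinct networks) can be checked mechanically. The following is an added example, not code from the column; the name-server data is constructed (in practice it would come from NS and A/AAAA lookups, e.g. `dig NS example.com`), and the /24 and /48 prefix comparison is an assumed, cheap proxy for "different locations":

```python
"""Check a domain's name-server set against the two-server and dispersion rules."""
import ipaddress
from typing import Dict, List

# Constructed sample: each key is an NS record, each value the addresses it resolves to.
# Two names pointing at one address satisfy a registrar's count check but give no redundancy.
FAKE_REDUNDANCY = {
    "ns1.example.com.": ["192.0.2.10"],
    "ns2.example.com.": ["192.0.2.10"],
}

# Constructed sample of a compliant set: two names, two addresses, two separate networks.
REAL_REDUNDANCY = {
    "ns1.example.com.": ["192.0.2.10"],
    "ns2.example.net.": ["198.51.100.20", "2001:db8:2::53"],
}

TOO_FEW = "fewer than two NS records"
SAME_ADDRESS = "all NS names resolve to the same address"
SAME_NETWORK = "all NS addresses share one /24 (IPv4) or /48 (IPv6) prefix"


def _network_of(addr: str) -> ipaddress._BaseNetwork:
    """Map an address to its containing /24 (v4) or /48 (v6) as a location proxy."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def check_ns_redundancy(ns_map: Dict[str, List[str]]) -> List[str]:
    """Return the list of rule violations; an empty list means the set passes."""
    findings: List[str] = []
    if len(ns_map) < 2:
        findings.append(TOO_FEW)

    addrs = {a for ips in ns_map.values() for a in ips}
    if len(addrs) < 2:
        findings.append(SAME_ADDRESS)

    # Distinct prefixes suggest the servers do not sit behind one cable or power strip.
    networks = {_network_of(a) for a in addrs}
    if len(networks) < 2:
        findings.append(SAME_NETWORK)
    return findings


if __name__ == "__main__":
    for label, ns_map in (("fake", FAKE_REDUNDANCY), ("real", REAL_REDUNDANCY)):
        print(label, check_ns_redundancy(ns_map) or "OK")
```

A passing result only means the addresses differ at the prefix level; confirming separate sites, circuits and power still requires knowing where each server physically lives.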
M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.