10

Let’s say you register with a provider and you are given the following NS records:

Name Server: NS18.EXAMPLE.COM
Name Server: NS8.EXAMPLE.COM

Could you add these to increase resilience without having any negative consequences?

Name Server: ns4.google.com
Name Server: ns2.google.com
Name Server: ns3.google.com
Name Server: ns1.google.com
TRiG
Ulukai

2 Answers

17

You can add as many DNS servers as NS records for a domain, but they need to fulfill two conditions:

  • They must host an authoritative copy of the DNS zone
  • They must be kept in sync

So, no, you can't add any random DNS server around the world (such as Google's ones), because they would not be authoritative for that zone and so they could not act as DNS servers for it (unless Google actually is your DNS provider, which doesn't seem to be the case).

But you can add as many DNS servers as you want, as long as they actually are properly configured authoritative DNS servers for that zone; they can reside anywhere you want: on your network, on a cloud VM, on a hosted service... just make sure to keep them in sync, either using a standard primary-secondary zone setup or a replication system (such as Active-Directory-integrated DNS does).

Massimo
  • 2
    I've seen some very weird things resulting from when people ignore the authoritative requirement, such as a .gov website including OpenDNS as their #3 backup. Good times. It's also important to keep the [BCP 16](https://tools.ietf.org/html/bcp16#section-3.1) recommendations in mind when planning where your DNS servers are located, or [bad things will happen](http://serverfault.com/questions/710108/why-is-geo-redundant-dns-necessary-for-small-sites). – Andrew B Mar 02 '16 at 00:08
4

Unless the nameservers provide authoritative answers to queries there is no increased resiliency. Make sure that every associated DNS server hosts a copy of the zone on its own.

MadHatter
Daniel Nachtrub
  • http://www.noip.com/blog/2011/04/08/anatomy-of-a-zone-file-part-two-what-are-ns-records-and-why-are-they-important-to-dns/ This article leads you to believe that adding more NS records increases resilience, but the example shown shows only DN entries that belong to the same company. I don't know how to make Google host a copy of the zone like you mentioned – Ulukai Mar 01 '16 at 22:16
  • The same company may of course host the zone. It may even be the same metal. It's just wiser to use different services on different hardware and best on different locations to get high availability. – Daniel Nachtrub Mar 01 '16 at 22:27
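
The two conditions given in the answers above (every listed server must answer authoritatively for the zone, and all of them must be in sync) can be checked before NS records are changed. The following is an added example, not code from this thread: the function names are hypothetical, it uses only the Python standard library, it handles UDP replies only, and the server IP addresses passed to `ask` are yours to supply.

```python
import socket
import struct

def soa_query(zone, qid=0x1234):
    """SOA query with RD=0, so a recursive resolver cannot pass by looking it up."""
    labels = zone.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(part)]) + part for part in labels) + b"\x00"
    return struct.pack(">6H", qid, 0, 1, 0, 0, 0) + qname + struct.pack(">2H", 6, 1)

def ask(ip, zone, timeout=3.0):
    """Send the query to one listed name server over UDP and return its raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(soa_query(zone), (ip, 53))
        return s.recvfrom(4096)[0]

def skip_name(msg, off):
    """Offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_reply(msg):
    """Return (AA flag set, SOA serial or None) from a raw DNS reply."""
    _, flags, qd, an = struct.unpack(">4H", msg[:8])
    aa, ok = bool(flags & 0x0400), (flags & 0x000F) == 0
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        if ok and rtype == 6 and rdlen >= 22:
            # SOA RDATA ends with serial, refresh, retry, expire, minimum (5 x 32 bit)
            return aa, struct.unpack(">I", rdata[-20:-16])[0]
        off += 10 + rdlen
    return aa, None

def check_delegation(replies):
    """replies: {ns name: raw reply}. Returns (lame servers, serials agree?)."""
    lame, serials = [], set()
    for ns, msg in replies.items():
        aa, serial = parse_reply(msg)
        if aa and serial is not None:
            serials.add(serial)
        else:
            lame.append(ns)
    return sorted(lame), len(serials) <= 1
```

Build `replies` as `{name: ask(ip, zone)}` for every server you intend to list. Any name returned in the first element is not authoritative for the zone and should not appear in the NS set.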