Authoritative DNS servers, 2 or 3?

If you have some other rationale for [having a third DNS server], please feel free to elaborate.

The most basic reason for a 3rd DNS server is to increase availability. Every DNS primer advises having at least two DNS servers, geographically dispersed, and on different networks. Nearly every DNS operator starts out with two servers in the same rack, in the same subnet. Eventually, a failure will snowball and impact the many services that depend on DNS, teaching the operator the value of isolation.

Even with 2 servers and appropriate geographic and network redundancy, eventually, a failure (fiber cut, power failure, server crash, etc.) will have 50% of your authoritative DNS offline for an extended period. During such failures, users will notice and complain. Within a day. In decades of experience, I’ve noticed that when the DNS server count is greater than two, a DNS server can be down for weeks before the first complaint arrives. Weeks.

Unless the operator has excellent monitoring tools (and only a small percentage do), a DNS server failure can go unnoticed for hours or days. Some failures are subtle, such as zone file corruption that causes a single zone to not get published, while every other zone on that server keeps answering. A third server reduces the outage impact from 50% to 33% of the queries that initially go to the dead server and have to be retried against a surviving one.
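One way to catch the subtle failure described above (a zone that one server has quietly stopped serving, or a stale copy that never picked up the latest zone transfer) is to poll every authoritative server for the zone's SOA serial and compare the answers. The following is an added example, not code from the original post or any product it mentions. It uses only the Python standard library and speaks DNS wire format (RFC 1035) directly, so it has no dependencies; the zone name, the server addresses and the embedded sample reply are constructed for illustration.

```python
"""Poll every authoritative server for a zone's SOA serial and flag any server
that is not serving the zone or is lagging behind the others.

Added example (not from the original post). Standard library only; the sample
packet, zone name and server addresses below are constructed, not captured."""
import socket
import struct

TXID = 0x1234  # fixed transaction id for clarity; a real poller should randomise it


def build_soa_query(zone, txid=TXID):
    """Build a plain (RD=0) UDP query for the SOA record of `zone`."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # flags 0: ask the authority, not a recursor
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA (6), QCLASS=IN (1)


def read_name(packet, offset):
    """Decode a possibly compressed name; return (dotted name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = offset + 2  # the name ends after the first pointer we follow
            offset = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", end if end is not None else offset


def parse_soa_serial(packet, txid=TXID):
    """Return the SOA serial from an authoritative answer, or None when this
    server is not serving the zone (REFUSED/SERVFAIL/NXDOMAIN, or AA bit clear)."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F != 0 or not flags & 0x0400:  # RCODE != NOERROR, or not authoritative
        return None
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = read_name(packet, offset)
        offset += 4
    for _ in range(an):
        _, offset = read_name(packet, offset)
        rtype, _rclass, _ttl, rdlength = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        if rtype == 6:  # SOA RDATA: MNAME, RNAME, then SERIAL as a 32-bit integer
            _, p = read_name(packet, offset)
            _, p = read_name(packet, p)
            return struct.unpack("!I", packet[p:p + 4])[0]
        offset += rdlength
    return None


def query_serial(server_ip, zone, timeout=2.0):
    """Send the SOA query over UDP to one server and parse its reply."""
    family = socket.AF_INET6 if ":" in server_ip else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_soa_query(zone), (server_ip, 53))
        data, _ = sock.recvfrom(4096)
    return parse_soa_serial(data)


def compare_serials(results):
    """results: {server: serial or None}. Return (newest serial, list of problems).
    Treats the numerically highest serial as newest (ignores RFC 1982 wraparound)."""
    serials = [s for s in results.values() if s is not None]
    newest = max(serials) if serials else None
    problems = []
    for server, serial in results.items():
        if serial is None:
            problems.append(f"{server}: zone not served")
        elif serial != newest:
            problems.append(f"{server}: stale serial {serial}, newest is {newest}")
    return newest, problems


# Constructed sample reply (not captured from a live server): an authoritative
# answer for example.com. with serial 2024061501, using name compression.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", TXID, 0x8400, 1, 1, 0, 0)               # QR=1, AA=1, RCODE=0
    + b"\x07example\x03com\x00" + struct.pack("!HH", 6, 1)         # question: example.com. SOA IN
    + b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, 37)           # name ptr->12, SOA, IN, TTL, RDLENGTH
    + b"\x03ns1\xc0\x0c" + b"\x0ahostmaster\xc0\x0c"               # MNAME, RNAME (compressed)
    + struct.pack("!IIIII", 2024061501, 7200, 900, 1209600, 3600)  # SERIAL, REFRESH, RETRY, EXPIRE, MIN
)

if __name__ == "__main__":
    # Hypothetical zone and servers (RFC 5737 documentation addresses); substitute your own.
    zone = "example.com."
    servers = {"ns1": "192.0.2.1", "ns2": "198.51.100.1", "ns3": "203.0.113.1"}
    results = {}
    for name, ip in servers.items():
        try:
            results[name] = query_serial(ip, zone)
        except (OSError, ValueError, struct.error):  # timeout, unreachable, malformed reply
            results[name] = None
    newest, problems = compare_serials(results)
    print(f"newest serial: {newest}")
    print("\n".join(problems) or "all servers agree")
```

Run it from cron against each zone you publish and alert on a non-empty problem list. Querying the servers by IP with RD clear, rather than through a recursor, is the point: a recursor would happily return the zone from whichever server still works and hide exactly the failure you are looking for.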

For most operators, the more common reason for 3 servers is performance. By locating DNS servers geographically closer to users, the round-trip-time of DNS lookups is reduced. This can also be achieved with 2 DNS server addresses and anycast, that is, the same shared unicast address announced from several locations (RFC 3258, http://www.ietf.org/rfc/rfc3258.txt). For operators without anycast, having three or more DNS servers accomplishes that same purpose. Three seems to be the "sweet spot." If you survey the most popular sites, you'll find they usually have 3 or more NS records.

My cadillac.net DNS cluster has one DNS server in Paris. That was by request of a French client. When all 3 servers were in the USA, their French web sites “felt” slower. We fixed that by moving one DNS server to Paris. Because DNS recursors remember how fast DNS servers respond, they tend to favor those nearest, resulting in better performance for end users. The difference is measurable with network tools, but more importantly, it’s perceptible to end users.

Another of my European clients has a significant portion of their user base in the USA. They have two DNS servers in Europe and 1 on each coast of the USA, so that DNS responses are fast for everyone. In 2010, they moved a couple of their more popular domains to a premium DNS provider for a week-long trial. They were unable to realize the promised increase in DNS performance or web traffic despite the premium $1,500/mo for the "Enterprise" DNS service. We believe that's because we already had DNS servers geographically near the majority of their user base.

My clients in Australia prefer a couple of DNS servers in the USA and one along the Pacific rim. For the same reason.

For most providers, the majority of their DNS traffic is local, covering less than 1,000km geographically. In those cases, the remainder may not be worth optimizing for. When it is, having a DNS server you can locate nearer your users can deliver substantial performance improvements.

Having three DNS servers, especially when each is in a different data center and different networks, identifies you as an experienced DNS operator that understands why you’d want number 3.
