I run my own #nameservers or #DNS if you will, and have done so for over 25 years. Initially based on #BIND (aka named) but I later moved to #PowerDNS, There are numerous frontends of varying quality available for PowerDNS. I have opinions on those, but this isn't about them.

For the secondary name servers (in the old and less enlightened days known as slaves) I've always run the same software as the primary. First BIND, then PowerDNS. Recently though, I've been testing out what appears to be a much simpler alternative: #NSD by #Amsterdam based NLnet Labs.

Using #CatalogZones - a new concept to me - I'm able to run secondaries with TSIG notifies and zone transfers as well as fully supported primary signed DNSSEC with a configuration of only 40 lines. No updates needed when adding or removing zones.

For this to work well though, some configuration is required for each zone on the primary. With a little trigger and function magic, this can be automized by the database.

Wheee!

Fancy, the authoritative nameservers for the xyz. TLD are as follows:

How fun. I never thought of the #TLD as being a pun to demographic cohorts.

#DNS #ICANN #nameservers

Just scraping the #IANA assigned TLDs and the corresponding documented #nameservers. What I don't get is, why so many companies apply for a #TLD. It's not particularly cheap to apply for one of those ngTLDs, yet compared to the company sizes, it's probably pennies. Is it a prestige investment? Is it a digital resource to grab, before someone else does it?

Other than #Microsoft, #Google, and #AWS, I've rarely seen any ngTLD representing a corporation's name to actually be used in practice.

Does anyone in the #infosec community share their view?

#askfedi #askmasto #askinfosec #DNS

bgp.tools being served via 13 authoritative name servers (via 3 different providers + in house NS):

```
$ dig +short ns bgp.tools
ns1.exoscale.ch.
ns-721.awsdns-26.net.
ns-1329.awsdns-38.org.
ns4-35.azure-dns.info.
ns3-35.azure-dns.org.
ns1.exoscale.io.
ns-302.awsdns-37.com.
ns-1799.awsdns-32.co.uk.
ns1.exoscale.net.
ns1-35.azure-dns.com.
ns2-35.azure-dns.net.
ns1.exoscale.com.
backup-ns.bgp.tools.
```

#bgptools #nameservers #dns

In January 2023, #Cloudflare replaced #Verisign in providing #DNS #registry services for the .gov #TLD. Besides the registry, they also run the authoritative #nameservers.

Verisign ran it for 12 years, and cost the #US #government apparently just half as much as Cloudflare charges ($7.2M).

Verisign loses prestive .gov contract to Cloudflare

Recently made the transition to self hosting authoritative name servers. Wrote a bit of secondary options available for it and the experience itself https://blog.sahilister.in/2025/07/secondary-authoritative-name-server-options-for-self-hosted-domains/

Didn't found the process too hard TBF, worth a try.

#authoritative #nameservers #dns #domains

Case of (broken) maharashtra.gov.in Authoritative Name Servers https://blog.sahilister.in/2025/06/case-of-broken-maharashtra.gov.in-authoritative-name-servers/

TLDR they're broken on multiple levels. Sync broken, RFC 1918 address, each NS giving different response - there's too much going on.

#dns #authoritative #nameservers #india

Good enough amount of name servers :P
```
$ dig ns sahil.rocks +short
ns2.afraid.org.
marvin.sahilister.net.
ns1.1984.is.
ns0.1984.is.
ns3.jing.rocks.
colin.sahilister.net.
puck.nether.net.
ns2.albony.in.
ns-global.kjsl.com.
ns4.he.net.
ns5.he.net.
```

#dns #authoritative #nameservers