On 7 Apr 2016, at 13:57, Romeo Zwart <romeo.zwart@ripe.net> wrote:
However, to be better prepared for extreme traffic floods, we will work with an external party to provide additional DNS service capacity for serving the ripe.net zone.
Romeo, this is great news! IMO, “outsourcing” some DNS hosting to complement the NCC’s DNS operations is a Very Good Thing for the reasons you mentioned: more diversity and capacity, extra resilience to withstand DDoS attacks, sharper focus on “core” activities, etc. It should also mean a clearer separation between the NCC’s core DNS (and other key services) and stuff that’s peripheral or irrelevant to the NCC’s mission. That should also reduce the risks from collateral damage. Have you given any thought to adding a third (anycast?) DNS hosting option? ie Highest priority: K root Medium priority: .arpa stuff (and ripe.net?) Lowest priority: best efforts slave service for deserving ccTLDs Each of these might or might not include an outsourced component from a reliable DNS hosting provider. Just sayin’...