DNS

We operate the authoritative DNS infrastructure for .nz and the second-level domains (2LDs) under .nz, such as .co.nz and .org.nz. This infrastructure is necessary for .nz domain names to work, and consequently it has to be available 100% of the time so that there is never a time when .nz domain names cannot be used.

Architectural principles

To maintain this 100% availability, we operate a network of nameservers within NZ and use two international providers of global nameserver networks. The DNS protocol makes this easier by automatically routing around failure, and we enhance that by using a technology called anycast on some nameservers, which makes multiple servers appear as one.

This architecture provides geographical diversity (both nationally and internationally) and topological (network) diversity. The geographical and topological diversity ensures that while some servers may cease to be available at any given time, the routing will allow for continued access to the .nz domain name service, thereby eliminating single points of failure.

In addition, we operate on the principle of 'genetic diversity', whereby we deliberately use different hardware, different operating systems and different nameserver software across our entire nameserver provision. This is quite different from normal IT operations, where every effort is made to standardise hardware and software to reduce costs, but taking this approach isolates any fault inherent in particular hardware or software to only a segment of our nameservers.
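
The effect of these diversity principles can be checked mechanically against a nameserver inventory. The following is an added example, not code or data from the .nz operator: the fleet, its attribute names and all values are constructed placeholders. It finds the most damaging single-component fault and any component whose failure would take every nameserver down.

```python
from collections import defaultdict

# Constructed inventory for illustration only; it does not describe the
# real .nz nameservers. Every name and value here is hypothetical.
ATTRS = ("site", "network", "hardware", "os", "software")
DIVERSE = [
    dict(name="ns1", site="nz-north", network="net-A", hardware="hw-A", os="os-A", software="dns-A"),
    dict(name="ns2", site="nz-south", network="net-B", hardware="hw-B", os="os-B", software="dns-B"),
    dict(name="ns3", site="intl-1", network="net-C", hardware="hw-A", os="os-B", software="dns-C"),
    dict(name="ns4", site="intl-2", network="net-D", hardware="hw-C", os="os-A", software="dns-B"),
]
# The same fleet standardised on one nameserver daemon, as in "normal IT operations".
STANDARDISED = [dict(s, software="dns-A") for s in DIVERSE]


def shared_components(fleet, attrs=ATTRS):
    """Map each (attribute, value) pair to the set of servers that depend on it."""
    groups = defaultdict(set)
    for server in fleet:
        for attr in attrs:
            groups[(attr, server[attr])].add(server["name"])
    return groups


def worst_fault(fleet, attrs=ATTRS):
    """Return (component, servers_lost, servers_left) for the most damaging single fault."""
    groups = shared_components(fleet, attrs)
    # Sort key: most servers lost first, then component name for a stable result.
    component = min(groups, key=lambda c: (-len(groups[c]), c))
    lost = groups[component]
    left = {s["name"] for s in fleet} - lost
    return component, lost, left


def single_points_of_failure(fleet, attrs=ATTRS):
    """Components whose failure would leave no nameserver answering."""
    total = len(fleet)
    return sorted(c for c, names in shared_components(fleet, attrs).items() if len(names) == total)


if __name__ == "__main__":
    for label, fleet in (("diverse", DIVERSE), ("standardised", STANDARDISED)):
        component, lost, left = worst_fault(fleet)
        print(f"{label}: worst fault {component} loses {sorted(lost)}, leaves {sorted(left)}")
        print(f"  single points of failure: {single_points_of_failure(fleet)}")
```

In the constructed diverse fleet, no single fault removes more than half the nameservers, while the standardised variant has one software component shared by all of them.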