IPv4 Provider Diversity

What This Check Does

The IPv4 Provider Diversity check verifies that your active nameserver IPv4 addresses are hosted by more than one DNS provider or hosting company. If all your nameservers are operated by a single provider, a provider-level outage becomes a total DNS outage for your domain.

DNS Spy identifies the hosting provider for each nameserver IPv4 address using ASN (Autonomous System Number) data and verifies that at least two different providers are represented.

Why It Matters

Even the largest DNS providers experience outages. The 2016 Dyn DDoS attack, the 2021 Akamai outage, and numerous other incidents have shown that relying on a single DNS provider is a significant risk. When your sole provider goes down, your entire domain becomes unreachable — no website, no email, no services.

Using multiple DNS providers (multi-provider DNS) ensures that a single provider outage does not cause total DNS failure. This is considered a best practice for any domain that requires high availability.

NIST SP 800-81, Section 3.3, recommends diversifying nameserver infrastructure to avoid single points of failure. Provider diversity is a key component of this recommendation.

NIST SP 800-81 Compliance

Section 3.3 of the NIST Secure DNS Deployment Guide emphasizes avoiding concentration of DNS infrastructure with a single provider. DNS Spy automates this compliance check by identifying hosting providers via ASN data and verifying multi-provider deployment, as recommended by NIST.

Good vs. Bad Configuration

Bad Configuration

All nameservers are hosted by a single provider (e.g., ns1.provider.com and ns2.provider.com both on the same provider's network). A provider-wide outage takes down all DNS for your domain.

Good Configuration

Nameservers are split across providers: ns1.cloudflare.com and ns2.cloudflare.com (Cloudflare) plus ns1.awsdns.com (AWS Route 53). A single provider outage leaves your domain operational via the other provider.

How DNS Spy Monitors This

DNS Spy identifies the hosting provider for each nameserver IPv4 address using ASN data during every monitoring cycle. If all nameservers belong to the same provider, an alert is triggered. Changes in provider assignment are tracked over time to ensure diversity is maintained.
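
The ASN-based check described above can be sketched as follows. This is an added example, not DNS Spy's own code. The prefix table, ASN numbers, provider names, hostnames and function names are all constructed for illustration, using documentation address ranges and documentation ASNs. It assumes ASNs are grouped by operator before counting, so two ASNs run by the same provider do not count as diversity, and an address with no known origin is reported rather than counted.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation prefixes (RFC 5737) and
# documentation ASNs (RFC 5398). A real check would load a BGP/ASN dataset.
PREFIX_TO_ASN = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64497,
    "198.51.100.128/25": 64498,  # more-specific announcement inside the /24
    "203.0.113.0/24": 64499,
}
# Assumption: one provider may announce from several ASNs, so ASNs are
# grouped by operator before providers are counted.
ASN_TO_PROVIDER = {64496: "ProviderA", 64497: "ProviderA",
                   64498: "ProviderB", 64499: "ProviderC"}

_TABLE = sorted(((ipaddress.ip_network(p), a) for p, a in PREFIX_TO_ASN.items()),
                key=lambda entry: entry[0].prefixlen, reverse=True)

def origin_asn(ip):
    """Longest-prefix match of an IPv4 address against the prefix table."""
    addr = ipaddress.IPv4Address(ip)
    for net, asn in _TABLE:
        if addr in net:
            return asn
    return None

def provider_diversity(nameservers):
    """nameservers: {hostname: [ipv4, ...]} -> providers, unmapped IPs, verdict."""
    providers = defaultdict(set)
    unmapped = []
    for host, ips in nameservers.items():
        for ip in ips:
            provider = ASN_TO_PROVIDER.get(origin_asn(ip))
            if provider is None:
                unmapped.append((host, ip))  # unknown origin never counts as diverse
            else:
                providers[provider].add(host)
    return {"providers": {p: sorted(h) for p, h in providers.items()},
            "unmapped": unmapped,
            "diverse": len(providers) >= 2}

# Constructed zones: two ASNs but one operator, then a real split.
SINGLE = {"ns1.example.net": ["192.0.2.10"], "ns2.example.net": ["198.51.100.20"]}
SPLIT = {"ns1.example.net": ["192.0.2.10"], "ns2.example.org": ["198.51.100.200"]}

if __name__ == "__main__":
    print("single:", provider_diversity(SINGLE))
    print("split: ", provider_diversity(SPLIT))
```
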