Lastly,why would clients not by default question the next name server in the list when one is down?

这正是递归服务器在与权威服务器交谈时所做的事情.如果您感兴趣,RFC 1035 §7.2描述了整个过程,但以下摘录最直接相关：

The key algorithm uses the state information of the request to select the next name server address to query,and also computes a timeout which will cause the next action should a response not arrive. The next action will usually be a transmission to some other server,but may be a temporary error to the client.

[snip]

• If a resolver gets a server error or other bizarre response from a name server,it should remove it from SLIST,and may wish to schedule an immediate transmission to the next candidate server address.

在选择权威服务器时考虑了一些其他因素,例如基于先前通信历史的观察响应时间.如果您感兴趣,它就在RFC中.

确保您不受名称服务器不可达性影响的关键在于BCP 16.特别是,Section 3.1规定：

Secondary servers must be placed at both topologically and
geographically dispersed locations on the Internet,to minimise the
likelihood of a single failure disabling all of them.

That is,secondary servers should be at geographically distant
locations,so it is unlikely that events like power loss,etc,will
disrupt all of them simultaneously. They should also be connected to
the net via quite diverse paths. This means that the failure of any
one link,or of routing within some segment of the network (such as a
service provider) will not make all of the servers unreachable.

这是为了说明您的域的弹性受到网络或物理站点上的单点故障的严重影响.理想的状态是拥有多个权威的名称服务器,这些服务器名称服务器不会受到其他人所经历的网络或物理状态的任何变化的影响.