A Look at .UA ccTLD Authoritative Name Servers
I find the case of the .UA country code top-level domain (ccTLD) interesting simply because of the variety of secondary name servers it has now. After the Russian invasion, cyber warfare peaked, and taking down critical infrastructure such as one side's ccTLD would be big news in any case.
Most (g/cc)TLDs are served by two providers and, less commonly, by three or more. Even in those cases, not all authoritative name servers are anycasted.
Take the example of the .NL ccTLD name servers:
$ dig ns nl +short
ns1.dns.nl.
ns3.dns.nl.
ns4.dns.nl.
ns1.dns.nl is SIDN, which also manages the registry. ns3.dns.nl is RcodeZero/ipcom, another anycast secondary. ns4.dns.nl is CIRA, also an anycast secondary. That’s 3 diverse anycast networks serving the .NL ccTLD. .DE has a few more name servers, at 6, but only 3 seem to be anycasted.
Now let’s take a look at .UA. Hostmaster LLC has been the registry operator of the .UA ccTLD since 2001.
$ dig soa ua +short
in1.ns.ua. domain-master.cctld.ua. 2025061434 1818 909 3024000 2020
The first field of the SOA record (MNAME) shows in1.ns.ua as the primary name server (though this value can be intentionally deceptive too).
I used bgp.tools to check for anycast and dns.coffee for the timeline of when each secondary name server was added. dns.coffee only has data going back to 2011, though.
Let’s take a closer look at who’s hosting each of the name servers:
in1.ns.ua by Intuix LLC
- 74.123.224.40
- 2604:ee00:0:101:0:0:0:40
- unicast
- Serving .UA since 13/12/2018.
- Company run by Dmitry Kohmanyuk and Igor Sviridov, who are the administrative and technical contacts for the .UA zone as well as in the IANA DB.
ho1.ns.ua by Hostmaster LLC
- 195.47.253.1
- 2001:67c:258:0:0:0:0:1
- bgp.tools doesn’t mark the prefix as anycast, but based on tests from various locations it is indeed anycasted (visible in at least DE, US, UA etc.). Total POPs unknown.
- Serving .UA at least since 2011.
- The registry themselves.
bg.ns.ua by ClouDNS
- 185.136.96.185 and 185.136.97.185
- 2a06:fb00:1:0:0:0:4:185 and 2a06:fb00:1:0:0:0:2:185
- anycast
- Serving .UA since 01/03/2022.
- At least 62 PoPs.
cz.ns.ua by NIC.cz
- 185.43.134.15
- 2001:148f:fffd:0:0:0:0:15
- anycast
- At least 11 PoPs.
- Serving .UA since 29/03/2024. See the NIC.cz blog post on adding the secondary server.
- .CZ operator.
nn.ns.ua by Netnod
- 194.58.197.4
- 2a01:3f1:c001:0:0:0:0:53
- anycast
- At least 80 PoPs.
- Serving .UA since 01/12/2022.
- Netnod has the distinction of operating one of the 13 root servers (i.root-servers.net) and of being the .SE operator.
pch.ns.ua by PCH
- 204.61.216.12
- 2001:500:14:6012:ad:0:0:1
- anycast
- At least 328 POPs.
- Serving .UA at least since 2011.
- “With more than 36 years of production anycast DNS experience, two of the root name server operators and more than 172 top-level domain registries using our infrastructure, and more than 120 million resource records in service” from https://www.pch.net/services/anycast.
rcz.ns.ua by RcodeZero
- 193.46.128.10
- 2a02:850:ffe0:0:0:0:0:10
- anycast
- At least 56 PoPs via 2 different cloud providers.
- Serving .UA since 04/02/2022.
- Sister company of nic.at (.AT operator).
Some points to note
- That’s 1 unicast and 6 anycast name servers with hundreds of POPs from 7 different organizations.
- Having X number of Points of Presence (POPs) doesn’t always mean each location is serving the .UA name server prefix.
- The number of POPs keeps going up or down based on operational requirements and optimizations.
- The highest concentration of DNS queries for a ccTLD would essentially originate in the country (or larger region) itself. If one of the secondaries doesn’t have a POP inside UA, the query might very well be served from outside the country, which can affect resolution; resolution may even stop during outages and fiber cuts (which, it seems, have become common there).
- Global POPs do help with faster resolution for outside users, though, and of course with availability.
- Having this much diversity does lessen the chance of the ccTLD going down. Theoretically, the adversary has to bring down 7 different “networks/setups” before resolution starts failing (after the TTLs expire).
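To check the diversity claim against the address lists above, the following added example (not the author's code) groups every listed address by its covering routed prefix and counts operators and routing modes. It assumes /24 for IPv4 and /48 for IPv6 as the smallest commonly routed prefix sizes; the function and variable names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Inventory copied from the per-server lists on this page.
# ho1.ns.ua is recorded as anycast per the author's own tests.
UA_NS = [
    ("in1.ns.ua", "Intuix LLC", "unicast", ["74.123.224.40", "2604:ee00:0:101:0:0:0:40"]),
    ("ho1.ns.ua", "Hostmaster LLC", "anycast", ["195.47.253.1", "2001:67c:258:0:0:0:0:1"]),
    ("bg.ns.ua", "ClouDNS", "anycast", ["185.136.96.185", "185.136.97.185",
                                        "2a06:fb00:1:0:0:0:4:185", "2a06:fb00:1:0:0:0:2:185"]),
    ("cz.ns.ua", "NIC.cz", "anycast", ["185.43.134.15", "2001:148f:fffd:0:0:0:0:15"]),
    ("nn.ns.ua", "Netnod", "anycast", ["194.58.197.4", "2a01:3f1:c001:0:0:0:0:53"]),
    ("pch.ns.ua", "PCH", "anycast", ["204.61.216.12", "2001:500:14:6012:ad:0:0:1"]),
    ("rcz.ns.ua", "RcodeZero", "anycast", ["193.46.128.10", "2a02:850:ffe0:0:0:0:0:10"]),
]

# Assumption: /24 (IPv4) and /48 (IPv6) are the longest prefixes commonly
# accepted in the global routing table, so each approximates one routed unit.
ROUTABLE_LEN = {4: 24, 6: 48}

def routed_prefix(addr):
    """Return the covering /24 or /48 network for one address."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_network(f"{ip}/{ROUTABLE_LEN[ip.version]}", strict=False)

def diversity_report(inventory):
    operators, modes = set(), defaultdict(int)
    by_prefix = defaultdict(list)
    for host, operator, mode, addrs in inventory:
        operators.add(operator)
        modes[mode] += 1
        for addr in addrs:
            by_prefix[routed_prefix(addr)].append((host, addr))
    # Prefixes carrying more than one listed address share routing fate.
    shared = {str(p): m for p, m in by_prefix.items() if len(m) > 1}
    # Shared prefixes that span different name servers would be the real concern.
    cross_host = {p: m for p, m in shared.items() if len({h for h, _ in m}) > 1}
    return {"operators": len(operators), "modes": dict(modes),
            "prefixes": len(by_prefix), "shared": shared, "cross_host": cross_host}

if __name__ == "__main__":
    report = diversity_report(UA_NS)
    print(report["operators"], "operators,", report["modes"],
          "across", report["prefixes"], "routed prefixes")
    for prefix, members in report["shared"].items():
        print("shared prefix", prefix, "->", members)
```

On the page's data, no routed prefix is shared between two different name servers; the only overlap is the two IPv6 addresses of bg.ns.ua, which fall in the same /48.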
Read more links
- Delegation record for .UA at IANA.
- Panel discussion: “Running a top level domain in times of war” at CyberChess 2023 with .UA operators post the invasion.
- History of the .UA domain on Hostmaster LLC’s website.
- .UA ccTLD overview talk presentation at ENOG 2011.