The ASN, Autonomous System Number, residence check determine which ASN the name servers IP addresses are registered to.
DNSmonitor KB - DNS check KB

ASN residence check

The ASN, Autonomous System Number, residence check determine which ASN the name servers IP addresses are registered to.

The purpose of this check is to provide the domain owner with relevant information about in which ASN's the DNS servers IP addresses reside. Simplified, the ASN is used to represent routing prefixes in BGP routing, typically between ISP's and Internet exchange points.

Overload attacks against a single ISP or a service provider should not have to render your DNS infrastructure incapable of responding to DNS queries. A good DNS infrastructure design takes this into consideration and spread the DNS servers across multiple ASN's.

For more information about how the ASN works the Wikipedia article Autonomous System is a good place to start.

Note. This check does not affect the Availability metric.

Event severities and messages

WARNING

All name servers reside inside the same AS network. This can make the name server infrastructure vulnerable!

The risk of suffering collateral damage and likely impair the ability to respond to DNS queries in case of an attack against the ASN increases exponentially as the DNS Servers all reside inside this network.

UNKNOWN

Unable to perform check due to input data failure.

When this message appear usually one of the queries leading up to the final query have received an empty or garbled query response. Please report this through the normal support channel.

Corrupt or malformed response from nameserver.

The check received a query response with unreadable data fields. Please report this through the normal support channel.

Unexpected response from server with a response code.

The check failed with an unexpected return code. This is a very unusual message and should be looked at separately. Please report this through the normal support channel.

Solutions, tips & tricks

When designing, or redesigning, a DNS infrastructure one have to calculate the risk of placing all DNS Servers inside the same AS network. By relocating at least one DNS server on a different, separate ASN the risk of impairing the DNS capability is reduced.

When planning for a highly available DNS infrastructure it make sense to do some research to find out how and which ASN's are connected to find a solution that fits your design. A good place to start is to visit the Team Cymru website.