[dns-operations] Too Open (Was: OpenDNS makes your Internet work better
Rodney Joffe
rjoffe at centergate.com
Wed Jul 12 15:34:07 UTC 2006
On Jul 12, 2006, at 1:03 AM, Brad Knowles wrote:
>
> IIRC, OpenDNS is using anycast routing tricks, right? Didn't we have
> a knock-down, drag-out fight a while back over the evil that we've
> seen happen with other pure-anycast TLD operators? I mean, I know
> that some of the root servers are doing anycast, but there are other
> root servers that are pure unicast, and that should hopefully resolve
> the routing weirdness issues for them.
>
> Or am I mis-remembering things?
I believe so. Could you perhaps expand on your belief that a pure
anycast TLD implementation is evil?
>
>
> Certainly, my current routing path to both advertised IP addresses
> appears to be exactly the same. If they wanted to try to avoid
> routing weirdnesses, wouldn't they want to set those up in two
> separate ASes, so that those two machines don't appear to be
> operating from the same subnet?
H'mmm. Perhaps you could explain how using two different AS's affects
anything at all operationally. And what "appear" means in operational
terms or effect? Please also use 204.74.112.1 and 199.7.66.1 as a
working example, and describe the effects of separate AS's on those 2
addresses. And perhaps how it would differ between 204.74.112.1 and
204.74.113.1?
Also could you define "the same subnet"?
>
> I also notice that the registered nameservers for OpenDNS within the
> .com zone are from everydns.net (which makes sense, since David
> created EveryDNS a few years back), although they are reasonably well
> distributed topologically (addresses owned by PSInet, Hurricane
> Electric, ProServe Networks in the Netherlands, and Defender
> Technologies Group LLC). Not a real problem, but for a company that
> is supposed to be selling itself as the world leader in this field,
> it seems to me that this is something they'd want to have within
> their own domain.
H'mmm again. ..."something they'd want to have within their own
domain?" Could you be more specific? What do you mean? And why?
I'm always interested in learning.
Thanks
/rlj
More information about the dns-operations
mailing list