[dns-operations] Too Open (Was: OpenDNS makes your Internet work better
Brad Knowles
brad at stop.mail-abuse.org
Thu Jul 13 23:12:33 UTC 2006
At 9:07 AM +0200 2006-07-13, Jeroen Massar wrote:

> The only problems reported with the UltraDNS setup were that at certain
> points one of the various clusters got broken. But then you only have 1
> broken cluster out of maybe 5 visible ones, see below.

Right, but when the cluster nearest to you is broken and the routing
table forces all your packets to that IP address to be delivered to
that cluster, then all zones served by UltraDNS are broken, at least
as far as you can tell.

You don't have this issue with the root zone, because although f and
k might be anycast, there are other servers that are unicast only, so
even if your closest f and/or k cluster might be broken, you should
still be able to get to one of the other eleven machines listed as
root nameservers.

This is a much bigger problem when you have only two advertised IP
addresses for a given service, because if your nearest cluster is
broken, then both of those IP addresses are likely to be routed to
the same broken cluster, and then all of your recursive DNS service
is going to get hosed.

> Might I suggest you read up at:
> http://www.bgpexpert.com/'BGP'-by-Iljitsch-van-Beijnum/

Will do.

--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
Founding Individual Sponsor of LOPSA. See <http://www.lopsa.org/>.
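
The shared-fate argument in the message above, as an added example that is not part of the original post: it models one vantage point's view of a nameserver set and lists the clusters whose failure alone leaves that vantage point with no working server. The addresses, cluster names and catchment maps are constructed assumptions for illustration, not measurements.

```python
"""Shared-fate audit for anycast nameserver sets (constructed data)."""


def reachable_servers(catchment, broken):
    """Return the server addresses that still answer from one vantage point.

    catchment: {server_address: cluster_id the routing table delivers to}
               A unicast server is modelled as a cluster of its own.
    broken:    set of cluster_ids that are currently failing.
    """
    return sorted(a for a, cluster in catchment.items() if cluster not in broken)


def fatal_clusters(catchment):
    """Clusters whose failure alone leaves this vantage point with no server."""
    clusters = set(catchment.values())
    return sorted(c for c in clusters if not reachable_servers(catchment, {c}))


# Constructed: two advertised anycast addresses (documentation range),
# both routed to the same nearest cluster. Cluster names are hypothetical.
TWO_ANYCAST = {"192.0.2.1": "ams", "192.0.2.2": "ams"}

# Constructed: the same two addresses, but announced so that this vantage
# point reaches a different cluster for each one.
TWO_ANYCAST_SPLIT = {"192.0.2.1": "ams", "192.0.2.2": "lon"}

# Constructed root-like set as the post describes it: f and k anycast
# (nearest instances), the other eleven servers unicast.
ROOT_LIKE = {name: "unicast-" + name for name in "abcdeghijlm"}
ROOT_LIKE.update({"f": "f-ams", "k": "k-ams"})


if __name__ == "__main__":
    for label, catchment in [("two anycast, same cluster", TWO_ANYCAST),
                             ("two anycast, split", TWO_ANYCAST_SPLIT),
                             ("root-like", ROOT_LIKE)]:
        fatal = fatal_clusters(catchment)
        print(f"{label}: {len(catchment)} servers, "
              f"single points of failure: {fatal or 'none'}")
```
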