[dns-operations] Too Open (Was: OpenDNS makes your Internet work better

Brad Knowles brad at stop.mail-abuse.org
Thu Jul 13 23:12:33 UTC 2006

At 9:07 AM +0200 2006-07-13, Jeroen Massar wrote:

>  The only problem reported with the UltraDNS setup was that at certain
>  points one of the various clusters got broken. But then you only have 1
>  broken cluster out of maybe 5 visible ones, see below.

Right, but when the cluster nearest to you is broken and the routing 
table forces all your packets to that IP address to be delivered to 
that cluster, then all zones served by UltraDNS are broken, at least 
as far as you can tell.

You don't have this issue with the root zone, because although f and 
k might be anycast, there are other servers that are unicast only, so 
even if your closest f and/or k cluster might be broken, you should 
still be able to get to one of the other eleven machines listed as 
root nameservers.

This is a much bigger problem when you have only two advertised IP 
addresses for a given service, because if your nearest cluster is 
broken, then both of those IP addresses are likely to be routed to 
the same broken cluster, and then all of your recursive DNS service 
is going to get hosed.

>  Might I suggest you read up at:
>  http://www.bgpexpert.com/'BGP'-by-Iljitsch-van-Beijnum/

Will do.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  Founding Individual Sponsor of LOPSA.  See <http://www.lopsa.org/>.
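
The shared-fate condition described in the message above (every advertised address routed to the same anycast cluster) can be checked from a given vantage point by asking each address which instance answered. The following is an added example, not part of the original message or of any operator's tooling. It assumes the servers answer the conventional `hostname.bind` CHAOS TXT query and that instance names follow a hypothetical `node.site.domain` pattern; the addresses and names in the test data are constructed.

```python
import socket, struct

# hostname.bind, queried as QTYPE=TXT(16), QCLASS=CH(3); many servers answer with an instance ID
QNAME = b"\x08hostname\x04bind\x00"

def build_query(qid=0x1234):
    return struct.pack(">HHHHHH", qid, 0, 1, 0, 0, 0) + QNAME + struct.pack(">HH", 16, 3)

def skip_name(buf, pos):
    # Step over an encoded name; a compression pointer (top bits 11) ends it
    while buf[pos] and buf[pos] & 0xC0 != 0xC0:
        pos += buf[pos] + 1
    return pos + (2 if buf[pos] else 1)

def parse_instance(resp):
    # First TXT string of the first answer, or None if the server gave no answer
    qd, an = struct.unpack(">HH", resp[4:8])
    pos = 12
    for _ in range(qd):
        pos = skip_name(resp, pos) + 4
    if an == 0:
        return None
    pos = skip_name(resp, pos)
    rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", resp[pos:pos + 10])
    if rtype != 16 or rdlen < 1:
        return None
    return resp[pos + 11:pos + 11 + resp[pos + 10]].decode("ascii", "replace")

def ask(ip, timeout=2.0):
    # Live probe of one advertised address; None means no usable answer
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(), (ip, 53))
            return parse_instance(s.recvfrom(512)[0])
        except OSError:
            return None

def clusters_reached(instances, site_of=lambda name: name.split(".", 1)[-1]):
    # instances: {advertised_ip: instance name}; site_of encodes the assumed naming pattern
    sites = {}
    for ip, name in instances.items():
        sites.setdefault(site_of(name) if name else None, []).append(ip)
    return sites  # one key only: all advertised addresses share fate from here

def sample_response(instance):
    # Constructed reply for offline use: QR+AA set, answer name points back at the question
    txt = bytes([len(instance)]) + instance.encode()
    return (struct.pack(">HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + QNAME + struct.pack(">HH", 16, 3)
            + b"\xc0\x0c" + struct.pack(">HHIH", 16, 3, 0, len(txt)) + txt)
```

A result with a single site key means that, from this vantage point, a failure of that one cluster takes out every advertised address at once; a `None` key lists addresses that gave no usable answer.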
