[dns-operations] Too Open (Was: OpenDNS makes your Internet work better
Rodney Joffe
rjoffe at centergate.com
Fri Jul 14 02:51:11 UTC 2006
On Jul 13, 2006, at 4:35 PM, Brad Knowles wrote:
> At 4:27 PM -0700 2006-07-13, Bill Woodcock wrote:
Hopefully Woody doesn't mind the fact that you posted publicly and
included an apparent private reply from him. But hey, none of my
business ;-). Nevertheless...
>
>> Anybody who goes to the trouble of deploying an anycast network would
>> presumably not deviate so far from established practice as to shoot
>> themselves in the foot in the manner you hypothesize. In a finished
>> production environment.
>
> UltraDNS is the real-world counter-example. They deployed an
> operational network as a TLD operator, and as a domain outsourcing
> company hosting thousands upon thousands of domains, they did it in an
> anycast-only manner, and then they proceeded to have various clusters
> break at different times.
H'mmm. Do you then mean that if UltraDNS had deployed in a unicast-
only manner, then various clusters would not have broken at different
times? Or did you mean that if UltraDNS had deployed in a mixture of
unicast and anycast, various clusters would not have broken at
different times? Or are you suggesting that if UltraDNS had deployed
in something other than anycast only, when various clusters broke at
different times, there would have been less effect felt than if it
was all anycast?
Could you explain how anycast vs anycast/unicast combo vs. unicast
only differ in their effects when clusters break? Could you also
explain what you mean by a broken cluster?
>
> For those parts of the Internet that were served by those broken
> clusters, all zones hosted by UltraDNS (including their TLDs) were
> completely unreachable.
I'll forgive your confusion over the difference between zones being
unreachable and zones being unresolvable, and clusters being
unreachable. But I'd like you to identify those periods when parts
of the Internet were served by broken clusters and as a result all
zones hosted by UltraDNS were completely unresolvable. And
particularly what anycast had to do with these instances (which I
*think* is the point you're trying to make, but at this stage I may
be completely off in the weeds). Hopefully, in this case, you're
actually passing an opinion based on your experience of this, and not
on second or third party reports from people who seemed to see
things, but could not substantiate what they had seen in any way. Yes?
>
>
> So far as I know, they continue to operate in this very same mode
> today.
Given the comprehensive display of your clue level regarding anycast
and routing, I have no doubt this is the case. And I won't even ask
you what you mean by "this very same mode". I'm concerned that
grokking your explanation would "really" make my head hurt.