[dns-operations] Too Open (Was: OpenDNS makes your Internet work better

Fri Jul 14 02:51:11 UTC 2006

On Jul 13, 2006, at 4:35 PM, Brad Knowles wrote:

> At 4:27 PM -0700 2006-07-13, Bill Woodcock wrote:

Hopefully Woody doesn't mind the fact that you posted publicly and  
included an apparent private reply from him. But hey, none of my  
business ;-). Nevertheless...

>
>>  Anybody who goes to the trouble of deploying an anycast network  
>> would
>>  presumably not deviate so far from established practice as to shoot
>>  themselves in the foot in the manner you hypothesize.  In a finished
>>  production environment.
>
> UltraDNS is the real-world counter-example.  They deployed an
> operational network as a TLD operator, and as a domain outsourcing
> company hosting thousands upon thousands of domains, they did it in a
> anycast-only manner, and then they proceeded to have various clusters
> break at different times.

H'mmm. Do you then mean that if UltraDNS had deployed in a unicast- 
only manner, then various clusters would not have broken at different  
times? Or did you mean that if UltraDNS had deployed in a mixture of  
unicast and anycast, various clusters would not have broken at  
different times? Or are you suggesting that if UltraDNS had deployed  
in something other than anycast only, when various clusters broke at  
different times, there would have been less effect felt than if it  
was all anycast?

Could you explain how anycast vs anycast/unicast combo vs. unicast  
only differ in their effects when clusters break? Could you also  
explain what you mean by a broken cluster?

>
> For those parts of the Internet that were served by those broken
> clusters, all zones hosted by UltraDNS (including their TLDs) were
> completely unreachable.

I'll forgive your confusion over the difference between zones being  
unreachable and zones being unresolvable, and clusters being  
unreachable.  But I'd like you to identify those periods when parts  
of the Internet were served by broken clusters and as a result all  
zones hosted by UltraDNS were completely unresolvable. And  
particularly what anycast had to do with these instances (which I  
*think* is the point you're trying to make, but at this stage I may  
be completely off in the weeds). Hopefully, in this case, you're  
actually passing an opinion based on your experience of this, and not  
on second or third party reports from people who seemed to see  
things, but could not substantiate what they had seen in any way. Yes?

>
>
> So far as I know, they continue to operate in this very same mode  
> today.

Given the comprehensive display of your clue level regarding anycast  
and routing, I have no doubt this is the case. And I won't even ask  
you what you mean by "this very same mode". I'm concerned that  
grokking your explanation would "really" make my head hurt.