[dns-operations] Too Open (Was: OpenDNS makes your Internet work better
John Payne
john at sackheads.org
Fri Jul 14 04:48:34 UTC 2006
On Jul 14, 2006, at 12:43 AM, Nicholas Suan wrote:
> On 7/13/06, brett watson <brett at the-watsons.org> wrote:
>
>>
>>> Assuming that the resolver was coded in a sane fashion, another root
>>> server; they should all contain the same data.
>>
>> but in a properly configured anycast environment (f-root, k-root, and
>> ultra come to mind), there's no need to go to "another root server"
>> because another instance of the anycast prefix would be followed to
>> the next closest instance of that same root server.
>>
>
> That's what was supposed to happen, however in the spefic case we're
> talking about, it didn't. That's not an anycast-only problem, anycast
> only really made it harder to debug. The DNS resolver doesn't know
> which servers are anycased and which aren't so there's no way for it
> to behave any differently when a request to an anycasted server fails
> as opposed to a request to a regular one.
Huh? It's not supposed to behave any differently. A failure of an
anycasted server that does not withdraw it's routes is IDENTICAL to
PART of the world to the failure of a unicasted server. To the rest
of the world... "what failure?"
A failure of an anycasted server that does withdraw it's routes....
"what failure?" (After a little route convergence).
More information about the dns-operations
mailing list