[dns-operations] Too Open (Was: OpenDNS makes your Internet work better
Ondřej Surý
ondrej.sury at nic.cz
Fri Jul 14 04:28:00 UTC 2006
> Could you explain how anycast vs anycast/unicast combo vs. unicast
> only differ in their effects when clusters break? Could you also
> explain what you mean by a broken cluster?
Maybe I can. As far as I was able to see how ultradns servers work all
tld{1..6} are served by same "cluster", to see what I mean try:
dig a whoareyou.ultradns.net @...
for _all_ of UltraDNS nameservers.
Now imagine situation when this cluster breaks in way that all those
machines are not responding (or whatever), but doesn't stop advertise
via BGP. Now you suddenly cannot ask for anything, since all ultradns
servers are broken for you at the same time. Thus error or
misconfiguration of single "cluster" can cause denial of service for
zones hosted at UltraDNS.
This situation can be easily prevented by having more than 6 clusters
and not advertising all 6 /24 via BGP in all clusters at the same time.
I don't know more about UltraDNS setup and how they check if nameservers
in cluster are working - and on what condition they stop advertising
those networks via BGP, so I maybe seriously mistaken.
Ondrej.
--
Ondřej Surý
technický ředitel/Chief Technical Officer
-----------------------------------------
CZ.NIC, z.s.p.o. -- .cz domain registry
Americká 23,120 00 Praha 2,Czech Republic
mailto:ondrej.sury at nic.cz http://nic.cz/
sip:ondrej.sury at nic.cz tel:+420.222745110
mob:+420.739013699 fax:+420.222745112
-----------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5888 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20060714/199be4a5/attachment.bin>
More information about the dns-operations
mailing list