[dns-operations] Too Open (Was: OpenDNS makes your Internet work better
John Payne
john at sackheads.org
Fri Jul 14 05:14:58 UTC 2006
On Jul 14, 2006, at 12:55 AM, Nicholas Suan wrote:
> On 7/13/06, brett watson <brett at the-watsons.org> wrote:
>>
>> you seem stuck on the concept that "ultrdns had only TWO
>> authoritative name servers listed for .org" when in fact the number
>> of authoritative servers listed for a zone in an anycast environment
>> has *no* bearing on how many resolvers are actually active and able
>> to resolve queries.
>>
>
> It's not any of those seperaly, it's both taken together that was
> the problem:
>
> UltraDNS had two NS records for org.
>
> UltraDNS also had two 'pods' fail simultaneously, in such a way that
> they continued to advertise the prefix without being able to respond
> to queries.
>
> In some parts of the internet, the area serviced by these two pods
> overlapped, causing a complete outage.
>
> Had there been more NS records, and no overlap of address space being
> serviced by the pods, the failure of the two pods would not have been
> a problem as the number of available nameservers would have been
> greater than the number of failed pods.
You're still sticking anycast as a fault where it doesn't belong.
More information about the dns-operations
mailing list