[dns-operations] Too Open (Was: OpenDNS makes your Internet work better

Brad Knowles brad at stop.mail-abuse.org
Fri Jul 14 10:19:46 UTC 2006


At 7:51 PM -0700 2006-07-13, Rodney Joffe wrote:

>  On Jul 13, 2006, at 4:35 PM, Brad Knowles wrote:
>>  At 4:27 PM -0700 2006-07-13, Bill Woodcock wrote:
>
>  Hopefully Woody doesn't mind the fact that you posted publicly and
>  included an apparent private reply from him. But hey, none of my
>  business ;-). Nevertheless...

Well, I might have everything else wrong, but at least I can tell the 
difference between a private reply and one that was sent to me as 
well as being posted to the list.

>  H'mmm. Do you then mean that if UltraDNS had deployed in a unicast-only
>  manner, then various clusters would not have broken at different times? Or
>  did you mean that if UltraDNS had deployed in a mixture of unicast and
>  anycast, various clusters would not have broken at different times?

No, I'm saying that if UltraDNS had deployed both anycast and unicast 
mode addresses, then if the anycast addresses led you to a site that 
was "closer" but also broken, then hopefully the unicast addresses 
would point to a different site that might be further away and 
slower, but would at least still work.


This is the key point I'm trying to get across -- IMO, deploying only 
anycast addresses for a given service is unwise, as it leads to the 
risk where all the packets being sent to those addresses wind up at a 
site that may be topologically closer but may also be broken.

Even if there are a large number of anycast addresses that are 
advertised, each via different routing prefixes, that's still only a 
probabilistic solution.  Now, if you've got thirteen anycast 
addresses that are each advertised via different and unique routing 
prefixes, maybe that's a high enough probability that you won't have 
all thirteen of those addresses routed to the same site for an 
appreciable slice of the Internet.

But UltraDNS wasn't advertising thirteen service addresses, nor is OpenDNS.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  Founding Individual Sponsor of LOPSA.  See <http://www.lopsa.org/>.
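
Added example (not part of the original message or thread): a small Monte Carlo model of the argument above, comparing anycast-only service addresses with a mix of anycast and unicast when one site is broken. The site count, the uniform choice of sites and the `correlation` knob (how often separate prefixes follow the same path) are assumptions of the model, not figures from the thread.

```python
import random

def blackholed_fraction(n_anycast, unicast_sites=(), n_sites=5, broken_site=0,
                        correlation=0.0, n_vantages=20000, seed=1):
    """Fraction of vantage points whose every service address lands on the broken site.

    Model assumptions (not from the thread): n_sites sites, one of them broken;
    each vantage point has a topologically nearest site chosen uniformly; each
    anycast prefix follows that nearest site with probability `correlation`,
    otherwise it is routed to an independent uniformly chosen site. Unicast
    addresses are pinned to the sites listed in `unicast_sites`.
    """
    if n_anycast + len(unicast_sites) == 0:
        raise ValueError("need at least one service address")
    rng = random.Random(seed)  # fixed seed: repeatable runs
    dead = 0
    for _ in range(n_vantages):
        nearest = rng.randrange(n_sites)
        landed = [nearest if rng.random() < correlation else rng.randrange(n_sites)
                  for _ in range(n_anycast)]
        landed.extend(unicast_sites)
        # A resolver can fail over only if some address reaches a working site.
        if all(site == broken_site for site in landed):
            dead += 1
    return dead / n_vantages

if __name__ == "__main__":
    cases = [
        ("2 anycast, prefixes routed alike", dict(n_anycast=2, correlation=1.0)),
        ("13 anycast, prefixes routed alike", dict(n_anycast=13, correlation=1.0)),
        ("2 anycast, independent prefixes", dict(n_anycast=2)),
        ("13 anycast, independent prefixes", dict(n_anycast=13)),
        ("2 anycast + 1 unicast at a working site",
         dict(n_anycast=2, unicast_sites=(1,), correlation=1.0)),
    ]
    for label, kwargs in cases:
        print(f"{label:42s} {blackholed_fraction(**kwargs):.4f}")
```

In this model, adding anycast addresses only helps to the extent that their prefixes are routed independently, while a single unicast address at a working site brings the stranded fraction to zero.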


