[dns-operations] Too Open (Was: OpenDNS makes your Internet work better

Brad Knowles brad at stop.mail-abuse.org
Fri Jul 14 10:19:46 UTC 2006

At 7:51 PM -0700 2006-07-13, Rodney Joffe wrote:

>  On Jul 13, 2006, at 4:35 PM, Brad Knowles wrote:
>>  At 4:27 PM -0700 2006-07-13, Bill Woodcock wrote:
>  Hopefully Woody doesn't mind the fact that you posted publicly and
>  included an apparent private reply from him. But hey, none of my
>  business ;-). Nevertheless...

Well, I might have everything else wrong, but at least I can tell the 
difference between a private reply and one that was sent to me as 
well as being posted to the list.

>  H'mmm. Do you then mean that if UltraDNS had deployed in a unicast-only
>  manner, then various clusters would not have broken at different times? Or
>  did you mean that if UltraDNS had deployed in a mixture of unicast and
>  anycast, various clusters would not have broken at different times?

No, I'm saying that if UltraDNS had deployed both anycast and unicast 
mode addresses, then if the anycast addresses led you to a site that 
was "closer" but also broken, then hopefully the unicast addresses 
would point to a different site that might be further away and 
slower, but would at least still work.

This is the key point I'm trying to get across -- IMO, deploying only 
anycast addresses for a given service is unwise, as it leads to the 
risk where all the packets being sent to those addresses wind up at a 
site that may be topologically closer but may also be broken.

Even if there are a large number of anycast addresses that are 
advertised, each via different routing prefixes, that's still only a 
probabilistic solution.  Now, if you've got thirteen anycast 
addresses that are each advertised via different and unique routing 
prefixes, maybe that's a high enough probability that you won't have 
all thirteen of those addresses routed to the same site for an 
appreciable slice of the Internet.

But UltraDNS wasn't advertising thirteen service addresses, nor is OpenDNS.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  Founding Individual Sponsor of LOPSA.  See <http://www.lopsa.org/>.

More information about the dns-operations mailing list