[dns-operations] Too Open (Was: OpenDNS makes your Internet work better
Brad Knowles
brad at stop.mail-abuse.org
Fri Jul 14 17:32:59 UTC 2006
At 9:32 AM -0400 2006-07-14, Edward Lewis wrote:
> By the same logic, anyone running a web site ought to maintain a
> gopher server too, in case there's a systemic problem in HTTP. ;)
No. HTTP doesn't fall back to gopher. At a protocol level, they are
not interchangeable different implementations of servicing the same
data.
If this was the case, then having each HTTP server also support the
gopher protocol might be a pretty good idea.
> While in transition from one way of performing a service to another,
> it is wise to mix the new in with the old while there is certain
> level of risk that the new way will fail (meaning, cause the service
> to violate the service level agreement). But there's a point in
> which the new way matures and obsoletes the need for the old way.
If you could guarantee that using anycast solutions could not
possibly cause all service addresses to collapse to the same pod (or
considerably smaller subset of pods), I might be willing to buy this
argument.
But since we're talking about implementation details here, the key is
getting those details right. UltraDNS certainly didn't (doesn't?),
and given the limited nature of /etc/resolv.conf, I'm not at all
convinced that it is physically possible for OpenDNS to do so.
> Anycast has proven itself for quite some time now. The technology is
> well understood now and experience is increasing. I think a
> requirement or even a recommendation to mix anycast and unicast "in
> case anycast fails" is outdated.
As I see it, it's either that or guaranteeing that it is not
physically possible for all anycast addresses to collapse onto the
same pod (or greatly reduced set of pods).
Personally, I think it's easier to throw in a few unicast addresses
into the mix, but maybe that's just me.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
Founding Individual Sponsor of LOPSA. See <http://www.lopsa.org/>.
More information about the dns-operations
mailing list