[dns-operations] Too Open (Was: OpenDNS makes your Internet work better

Brad Knowles brad at stop.mail-abuse.org
Fri Jul 14 17:32:59 UTC 2006

At 9:32 AM -0400 2006-07-14, Edward Lewis wrote:

>  By the same logic, anyone running a web site ought to maintain a
>  gopher server too, in case there's a systemic problem in HTTP. ;)

No.  HTTP doesn't fall back to gopher.  At a protocol level, they are 
not interchangeable different implementations of servicing the same 

If this was the case, then having each HTTP server also support the 
gopher protocol might be a pretty good idea.

>  While in transition from one way of performing a service to another,
>  it is wise to mix the new in with the old while there is certain
>  level of risk that the new way will fail (meaning, cause the service
>  to violate the service level agreement).  But there's a point in
>  which the new way matures and obsoletes the need for the old way.

If you could guarantee that using anycast solutions could not 
possibly cause all service addresses to collapse to the same pod (or 
considerably smaller subset of pods), I might be willing to buy this 

But since we're talking about implementation details here, the key is 
getting those details right.  UltraDNS certainly didn't (doesn't?), 
and given the limited nature of /etc/resolv.conf, I'm not at all 
convinced that it is physically possible for OpenDNS to do so.

>  Anycast has proven itself for quite some time now.  The technology is
>  well understood now and experience is increasing.  I think a
>  requirement or even a recommendation to mix anycast and unicast "in
>  case anycast fails" is outdated.

As I see it, it's either that or guaranteeing that it is not 
physically possible for all anycast addresses to collapse onto the 
same pod (or greatly reduced set of pods).

Personally, I think it's easier to throw in a few unicast addresses 
into the mix, but maybe that's just me.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  Founding Individual Sponsor of LOPSA.  See <http://www.lopsa.org/>.

More information about the dns-operations mailing list