[dns-operations] Too Open (Was: OpenDNS makes your Internet work better

Brad Knowles brad at stop.mail-abuse.org
Sat Jul 15 04:18:21 UTC 2006

At 9:49 PM +0200 2006-07-14, Per Heldal wrote:

>       From your angle, given the use of minimum 2 independent providers
>  to host every zone, what do I loose if all listed nameserver (ns >= 2)
>  use anycast?

I've already said what I'm going to say on this thread.  If I haven't 
made my point clear to you by now, I don't think that there's any 
hope of being able to do so in the immediate future.

That's probably my fault, but I don't think it matters.  At this 
point, I think it's best to just drop the whole subject.

Clearly, I need to learn more about routing terminology before 
attempting any further discussion of these topics.

However, nothing I've looked at so far has convinced me that there is 
not a serious issue here for organizations that do not provide an 
adequate number of anycast service addresses, and do not distribute 
these service addresses across a suitable number of distinct and 
independent topographical locations.

This was my point about what we're currently seeing from OpenDNS, and 
I used the example of problems we had witnessed previously with 
UltraDNS to support that.  Unfortunately, we got dragged down a 
rathole on the UltraDNS issues.

But regardless of whether or not UltraDNS has been able to address 
their problems and come up with an appropriate solution, I remain 
convinced that because of the nature of /etc/resolv.conf and the 
typical limitations of the resolver only paying attention to three 
addresses listed in that file, OpenDNS will face insurmountable 
obstacles in trying to do the same.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  Founding Individual Sponsor of LOPSA.  See <http://www.lopsa.org/>.

More information about the dns-operations mailing list