[dns-operations] Too Open (Was: OpenDNS makes your Internet work better

Peter Dambier peter at peter-dambier.de
Sat Jul 15 08:53:33 UTC 2006

Brad Knowles wrote:
> At 9:49 PM +0200 2006-07-14, Per Heldal wrote:
>> From your angle, given the use of minimum 2 independent providers
>> to host every zone, what do I loose if all listed nameserver (ns >= 2)
>> use anycast?

Half a billion costumers.

Some of the rootservers of the Public-Root were meant to be anycasted.
We tried but we never got it working. There were holes on the surface
of the globe that could not be seen. It was a routing problem but
we never got it fixed.

I am shure there will be other holes or even the same holes on that
very same globe that wont see anycasted servers.

If you dont have costumers in Africa, Asia, Australia, Canada or Europe
go for it.

If you have, you will loose half a billion costumers.

> I've already said what I'm going to say on this thread.  If I haven't 
> made my point clear to you by now, I don't think that there's any 
> hope of being able to do so in the immediate future.
> That's probably my fault, but I don't think it matters.  At this 
> point, I think it's best to just drop the whole subject.

Brad, I hope I have expressed your thoughts in the right way. You
may disagree but to some people you have to enlarge bakteria to the
size of a dromedar because they refuse to wear their glasses :)

> Clearly, I need to learn more about routing terminology before 
> attempting any further discussion of these topics.
> However, nothing I've looked at so far has convinced me that there is 
> not a serious issue here for organizations that do not provide an 
> adequate number of anycast service addresses, and do not distribute 
> these service addresses across a suitable number of distinct and 
> independent topographical locations.

I have seen some hackers that were not good at terminology either.
They were router gods but they did not succeed in anycasting.

> This was my point about what we're currently seeing from OpenDNS, and 
> I used the example of problems we had witnessed previously with 
> UltraDNS to support that.  Unfortunately, we got dragged down a 
> rathole on the UltraDNS issues.
> But regardless of whether or not UltraDNS has been able to address 
> their problems and come up with an appropriate solution, I remain 
> convinced that because of the nature of /etc/resolv.conf and the 
> typical limitations of the resolver only paying attention to three 
> addresses listed in that file, OpenDNS will face insurmountable 
> obstacles in trying to do the same.

I guess we shall learn a lot from them. It is always good to learn
form the errors other people do - and not doing them yourself :)

Peter and Karin

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com

More information about the dns-operations mailing list