[dns-operations] Too Open (Was: OpenDNS makes your Internet work better

Joe Abley jabley at ca.afilias.info
Sun Jul 16 01:12:34 UTC 2006


On 14-Jul-2006, at 06:19, Brad Knowles wrote:

> At 7:51 PM -0700 2006-07-13, Rodney Joffe wrote:
>
>>  H'mmm. Do you then mean that if UltraDNS had deployed in a  
>> unicast-only
>>  manner, then various clusters would not have broken at different  
>> times? Or
>>  did you mean that if UltraDNS had deployed in a mixture of  
>> unicast and
>>  anycast, various clusters would not have broken at different times?
>
> No, I'm saying that if UltraDNS had deployed both anycast and unicast
> mode addresses, then if the anycast addresses led you to a site that
> was "closer" but also broken, then hopefully the unicast addresses
> would point to a different site that might be further away and
> slower, but would at least still work.

To pick a message more or less at random to reply to, you're digging  
in far too deeply into a single service without enough information  
about how it is provisioned to be able to draw any useful conclusions.

If there's a point here about anycast-only NS sets, surely it's far  
more general:

  - if there's some systematic failure mode (as-yet unknown, perhaps)  
which afflicts nameservers which are distributed using anycast, and

  - if nameservers which are not distributed using anycast are not  
vulnerable to that same failure mode, then

  - an NS set which includes both nameservers which are distributed  
using anycast and those which are not would provide greater  
reliability than an NS set which was anycast-only.

However, this is not the only degree of freedom a zone operator might  
seek to exercise in trying to make his NS set diverse. I can think of  
more than thirteen others. Given that there are more axes to navigate  
here than there are room for (at least, assuming you want to give  
good service over UDP to people who don't speak EDNS0) something's  
got to give.


Joe




More information about the dns-operations mailing list