[dns-operations] Too Open (Was: OpenDNS makes your Internet work better
Joe Abley
jabley at ca.afilias.info
Sun Jul 16 01:12:34 UTC 2006
On 14-Jul-2006, at 06:19, Brad Knowles wrote:
> At 7:51 PM -0700 2006-07-13, Rodney Joffe wrote:
>
>> H'mmm. Do you then mean that if UltraDNS had deployed in a
>> unicast-only
>> manner, then various clusters would not have broken at different
>> times? Or
>> did you mean that if UltraDNS had deployed in a mixture of
>> unicast and
>> anycast, various clusters would not have broken at different times?
>
> No, I'm saying that if UltraDNS had deployed both anycast and unicast
> mode addresses, then if the anycast addresses led you to a site that
> was "closer" but also broken, then hopefully the unicast addresses
> would point to a different site that might be further away and
> slower, but would at least still work.
To pick a message more or less at random to reply to, you're digging
in far too deeply into a single service without enough information
about how it is provisioned to be able to draw any useful conclusions.
If there's a point here about anycast-only NS sets, surely it's far
more general:
- if there's some systematic failure mode (as-yet unknown, perhaps)
which afflicts nameservers which are distributed using anycast, and
- if nameservers which are not distributed using anycast are not
vulnerable to that same failure mode, then
- an NS set which includes both nameservers which are distributed
using anycast and those which are not would provide greater
reliability than an NS set which was anycast-only.
However, this is not the only degree of freedom a zone operator might
seek to exercise in trying to make his NS set diverse. I can think of
more than thirteen others. Given that there are more axes to navigate
here than there are room for (at least, assuming you want to give
good service over UDP to people who don't speak EDNS0) something's
got to give.
Joe
More information about the dns-operations
mailing list