[dns-operations] Too Open (Was: OpenDNS makes your Internet work better

Rodney Joffe rjoffe at centergate.com
Sun Jul 16 03:04:23 UTC 2006

Goody. Operational stuff...

On Jul 15, 2006, at 6:12 PM, Joe Abley wrote:

> To pick a message more or less at random to reply to, you're  
> digging in far too deeply into a single service without enough  
> information about how it is provisioned to be able to draw any  
> useful conclusions.
> If there's a point here about anycast-only NS sets, surely it's far  
> more general:
>  - if there's some systematic failure mode (as-yet unknown,  
> perhaps) which afflicts nameservers which are distributed using  
> anycast, and
>  - if nameservers which are not distributed using anycast are not  
> vulnerable to that same failure mode, then
>  - an NS set which includes both nameservers which are distributed  
> using anycast and those which are not would provide greater  
> reliability than an NS set which was anycast-only.

In a mixed implementation there's something else to consider though:

I think there are around 40 geographic instances of the f-root? If f  
was the only anycast root server, and the 40 anycast instances were  
topologically proportionally dispersed (sorry, I can't think of a  
better way of describing it but hopefully you know what I mean) in  
relation to the other 12 root servers, f would be handling 40/52nds  
of global queries (let's assume all of the recursive servers are  
running BIND and so behave properly by mostly querying the closest  
instance to them). The remaining unicast root servers would have to  
be rather well provisioned -  in an edge case where the announcement  
for f is withdrawn, one of the unicast instances might have to be  
ready to instantly handle 41/52nds of global queries.


More information about the dns-operations mailing list