[dns-operations] opting in to stupid DNS tricks
jim at rfc1035.com
Mon Feb 21 11:23:42 UTC 2011

On 19 Feb 2011, at 15:20, Patrick W. Gilmore wrote:

> Just checking the three largest sites I know off the top of my head (www.facebook.com,
> www.google.com, www.yahoo.com), all three return different A
> records depending on which source IP address requests the hostname.

Which is of course stupid because the IP address making the lookup is
almost certainly not the IP address of the end client. So they're
"optimising" for some recursive resolver rather than the end user's
stub resolver that made the initial query.

I wonder what these DNS tricksters are going to do if/when these zones
deploy Secure DNS.

BTW, I still don't understand why CDNs are abusing the DNS to solve
something that is actually a routing problem. What's wrong with
anycasting the IP address(es) of the web site or whatever? That way,
the network figures out the truly optimal path (peering policies
aside) between the end client and the content provider's server. Yes,
I realise this may break TCP connections sometimes, but how much of a
real problem is this? Has anyone got hard data about this?

> Therefore, you know damned well that Akamai (and all other CDNs,
> large websites, and anyone else who publishes heterogeneous A
> records) is 100% opt-in.

You must be using a different definition of opt-in. This term
generally means getting explicit consent beforehand. I don't remember
any of these CDNs ever asking me if I wanted to (not) depend on their
stupid DNS tricks. Anyone looking up names like the ones you mentioned
is of course 100% dependent on this DNS trickery. But please don't
imply they have opted in to it. And anyway just because lots of people
do something doesn't make it right or desirable. Lots of people drink
a US-produced liquid called Budweiser.

FWIW it's also very annoying (and stupid) to be presented with content
which the CDN thinks is relevant for the country where it believes the
resolving name server I've used is located rather than for the country
I'm actually in or the language(s) I understand. We can agree to
disagree about that.