[dns-operations] Anycast vs. unicast NS
David Miller
dmiller at tiggee.com
Fri Mar 18 15:18:01 UTC 2011
On 3/18/2011 8:32 AM, Jim Reid wrote:
> On 18 Mar 2011, at 10:13, Shane Kerr wrote:
>
>> IIRC, all of Afilias' authoritative servers are anycast these days, and
>> that covers ORG, INFO, and a slew of ccTLD and a handful of other gTLD.
>
> Hmmmm.....
>
>> Other than the usual problems with anycasting in general (where *did*
>> that query hit, whoops one of the hosts at node X is behind, and so on)
>> I can't think of any special problems with such a setup.
>
> Well if all the DNS servers are anycast, that in itself becomes a
> single point of failure. Which is probably not a Good Thing. Although
> anycasting is inherently very robust it does however introduce new
> failure modes that wouldn't otherwise be there. Even if those failures
> are highly unlikely. So having everything anycast means there would be
> no backup if/when one of those once-in-a-lifetime (tm) failures happens.
OK. I'll bite. Please provide exactly what the "single point of
failure" is with anycast that isn't present in unicast?
>
>> Having a fewer number of entries in your NS RRSET and making those
>> highly anycast should result in a better user experience than having
>> more unicast servers.
>
> ... until Something Bad happens to the anycast provisioning. eg Too
> much route flapping upsets BGP implementations, fat finger syndrome at
> an anycast node or cluster, etc.
>
> I agree with you Shane that a smaller NS RRset with highly anycast
> servers is a Good Thing. However this does not mean that should
> completely displace a zone's unicast servers. Some diversity in how
> DNS is provided would be better IMO. Even if the zone's anycast
> servers end up handling most (all?) of the query load.
>
>> It's magic! And you are probably better off not having unicast at
>> all. :)
>
> In the same way that a TLD would be much better off only using a
> single DNS implementation and just one hardware/OS platform for its
> servers? :-)
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
-___________________________________
David Miller
Tiggee LLC
dmiller at tiggee.com
More information about the dns-operations
mailing list