[dns-operations] Anycast vs. unicast NS
Hugo Salgado
hsalgado at nic.cl
Fri Mar 18 18:44:33 UTC 2011
On 03/18/2011 01:28 PM, Joe Abley wrote:
>
> Whilst including unicast (by which I mean non-anycast) servers in an NS set
> might seem like a good idea, favouring operational diversity, it's my
> experience that there are many other things more likely to take an
> individual nameserver off-line than an anycast-specific effect and
> such a strategy in many cases is likely to optimise the wrong thing.
>
This was our case.

In .CL we've been changing our infrastructure to anycast for
many years, with a mix of third-party clouds and some under our
control, eventually leaving only 1 unicast NS. It seemed a good idea
to keep it that way.

However, we've been facing a storm of queries for 3 months[1], and guess
what... the load is completely balanced in the anycast nodes, but the
unicast server was facing a lot of trouble, and getting close to the
limits we tested in lab.

So, in the choice between upgrading our unicast node with a cluster/load
balancer, and our experience with our anycast infrastructure, we
ended up migrating our last unicast NS to an anycast cloud a few weeks ago.
We haven't noticed any issues, so far.

Hugo

[1] Botnet affecting .CL - Mauricio Vergara Ereche, nic.cl
<http://svsf40.icann.org/meetings/siliconvalley2011/presentation-query-storm-14mar11-en.pdf>