[dns-operations] Anycast vs. unicast NS

Hugo Salgado hsalgado at nic.cl
Fri Mar 18 18:44:33 UTC 2011


On 03/18/2011 01:28 PM, Joe Abley wrote:
> 
> Whilst including unicast (by which I mean non-anycast) servers in an NS set
> might seem like a good idea, favouring operational diversity, it's my
> experience that there are many other things more likely to take an
> individual nameserver off-line than an anycast-specific effect and
> such a strategy in many cases is likely to optimise the wrong thing.
> 

This was our case.

In .CL we've been changing our infrastructure to anycast for
many years, with a mix of third-party clouds and some under our
control, eventually leaving only 1 unicast NS. It seemed a good idea
to keep it that way.

However, we've been facing a storm of queries for 3 months[1], and guess
what... the load is completely balanced in the anycast nodes, but the
unicast server was facing a lot of trouble, and getting close to the
limits we tested in lab.

So, in the choice between upgrading our unicast node with a cluster/load
balancer, and our experience with our anycast infrastructure, we
ended up migrating our last unicast NS to an anycast cloud a few weeks ago.

We haven't noticed any issues, so far.

Hugo


[1] Botnet affecting .CL - Mauricio Vergara Ereche, nic.cl

<http://svsf40.icann.org/meetings/siliconvalley2011/presentation-query-storm-14mar11-en.pdf>
