[dns-operations] Anycast vs. unicast NS

Bill Woodcock woody at pch.net
Sun Mar 20 21:16:15 UTC 2011

On Mar 20, 2011, at 2:07 PM, Jim Reid wrote:
> There are additional failure modes here that aren't found at a unicast server…

Right, my point being that the complexities of operating a given number of unique servers outweigh those of operating the same number of identical servers.

> I'd be very surprised if PCH configures and operates its anycast DNS servers compared in *exactly* the same way as any unicast ones it operates.

We haven't really operated any unicast nameservers in fifteen years, but conceptually, each unicast instance is as complicated as an anycast instance, and the second instance of each is disproportionately more complex for the unicast instance, relative to the anycast one.

I'd be hard-pressed to imagine how much more management infrastructure we'd need, to be able to stay on top of hundreds of _unique_ servers.

Besides, what would be the point?

> I am saying that an all-anycast solution *is* a SPoF if it's the only DNS service offering that's used: ie sourced from one provider, no matter how robust and redundant their service is.

I hadn't seen you say that before.  Yes, of course, any manager of any server or set of servers is a single point of failure, so the correct approach is to use multiple anycast networks, or multiple anycast providers, or to subdivide your anycast network and operate portions of it in diverse ways, or whatever.  I don't think that's a controversial notion.

So, I guess we're in violent agreement. 

