North American Network Operators Group


Re: DNS anycast considered harmful (was: .ORG problems this evening)

  • From: Iljitsch van Beijnum
  • Date: Thu Sep 18 07:59:26 2003


On Thursday, Sep 18, 2003, at 13:38 Europe/Amsterdam, Todd Vierling wrote:

: ultradns uses the power of anycast to have these ips that appear
: to be on close subnets in geographically diverse locations.

: Oh, that's brilliant. How nice of them to defeat the concept of redundancy
: by limiting me to only two of their servers for a gTLD.
Well, for me one goes to London and the other to Washington, so from where I'm sitting there is geographical diversity.

But having only two servers and anycasting those is nonsense. That means I have to depend on BGP to get to the closest server. This is something BGP is really bad at. DNS servers on the other hand track RTTs for query responses and really *know* which server is the fastest rather than guess based on third-hand routing information.

And more importantly: if there is only a single working server, everyone in the world is able to reach it. With anycast it can easily happen that you're transported to the nearest dead server.

For the root, anycasting makes some sense as it's impossible to add more real root servers because of packet size limitations (but I hope they're smart enough to keep some non-anycasted root servers around), but with only two servers listed, org really doesn't need anycasting.

: the same route before hitting !H from an ultradns.com rDNS machine.
What's up with those host unreachables anyway? I wouldn't be surprised if there are IP stacks that cache these. Then if you do a ping to one of the org servers and get a host unreachable, any subsequent DNS queries will be dropped locally as well. There are other ICMP responses that make much more sense for what they're trying to do.
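The contrast the post draws, between a resolver that measures RTT per NS address and can fail over, and an anycast address where BGP picks the instance without regard to its health, is easy to see in a small model. The following is an added example written for this page, not code from the original post or from any resolver or UltraDNS; the SRTT smoothing weights, the timeout penalty, the slow decay that re-probes a penalised address, and the site RTTs and BGP path lengths are all assumptions chosen for illustration.

```python
"""Toy model (added example, not from the NANOG post): a recursive resolver
choosing among NS addresses by smoothed RTT, versus an anycast address where
BGP picks the nearest instance whether or not it is alive.

All constants below are assumptions for illustration, not measurements."""

TIMEOUT_PENALTY_MS = 10000.0  # assumed: added to an address's SRTT on timeout
ALPHA = 0.3                   # assumed: weight of a fresh RTT sample in the SRTT
DECAY = 0.99                  # assumed: per-query decay of untouched SRTTs, so a
                              # penalised address is eventually retried


class Server:
    """A nameserver instance as seen from our vantage point."""
    def __init__(self, site, rtt_ms, alive=True):
        self.site, self.rtt_ms, self.alive = site, rtt_ms, alive


class Unicast:
    """An NS address that is exactly one box: packets always reach that box."""
    def __init__(self, server):
        self.server = server

    def reach(self):
        return self.server


class Anycast:
    """One NS address announced from several sites.  BGP delivers the packet to
    the site with the shortest path from here and knows nothing about whether
    that site is answering queries."""
    def __init__(self, instances):      # list of (bgp_path_length, Server)
        self.instances = instances

    def reach(self):
        return min(self.instances, key=lambda inst: inst[0])[1]


class Resolver:
    """Keeps a smoothed RTT (SRTT) per NS address and always sends to the
    address with the lowest SRTT, which is roughly what BIND-style resolvers do
    (the exact weights here are assumed)."""
    def __init__(self, addresses):
        self.addresses = addresses                 # address -> Unicast | Anycast
        self.srtt = {a: None for a in addresses}   # None = never tried

    def pick(self):
        untried = [a for a, s in self.srtt.items() if s is None]
        if untried:                                # probe every address once first
            return untried[0]
        return min(self.srtt, key=self.srtt.get)

    def query(self):
        """Send one query; returns (address used, succeeded?)."""
        addr = self.pick()
        target = self.addresses[addr].reach()
        # Let the SRTT of every other address decay a little so that a server
        # marked dead gets re-probed after a while instead of being shunned forever.
        for other, s in self.srtt.items():
            if other != addr and s is not None:
                self.srtt[other] = s * DECAY
        if target.alive:
            sample = float(target.rtt_ms)
            old = self.srtt[addr]
            self.srtt[addr] = sample if old is None else (1 - ALPHA) * old + ALPHA * sample
            return addr, True
        # Timeout: inflate this address's SRTT so the next query goes elsewhere,
        # if there is anywhere else to go.
        self.srtt[addr] = (self.srtt[addr] or 0.0) + TIMEOUT_PENALTY_MS
        return addr, False


def run(resolver, n):
    """Issue n queries; returns (successes, failures, successes per address)."""
    ok = fail = 0
    per_addr = {a: 0 for a in resolver.addresses}
    for _ in range(n):
        addr, good = resolver.query()
        if good:
            ok += 1
            per_addr[addr] += 1
        else:
            fail += 1
    return ok, fail, per_addr


if __name__ == "__main__":
    # Two unicast addresses, London dead: one timeout, then everything goes to Washington.
    two = Resolver({"london": Unicast(Server("London", 10, alive=False)),
                    "washington": Unicast(Server("Washington", 90))})
    print("unicast, London dead:", run(two, 100))
    # One anycast address whose nearest instance (shortest BGP path) is dead:
    # the resolver has no second address to fall back to.
    one = Resolver({"anycast": Anycast([(3, Server("London", 10, alive=False)),
                                        (7, Server("Washington", 90))])})
    print("anycast, nearest dead:", run(one, 100))
```

With two unicast addresses the resolver eats one timeout and then sticks with the working server; with a single anycast address the resolver's RTT bookkeeping is useless, because every packet is carried to whichever instance BGP considers nearest, dead or not.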