North American Network Operators Group


Re: /8 end user assignment?

  • From: Sabri Berisha
  • Date: Fri Aug 05 07:56:42 2005

On Fri, Aug 05, 2005 at 04:10:46AM -0700, Bill Woodcock wrote:
> 
>       On Fri, 5 Aug 2005, Sabri Berisha wrote:
>     > With the use of anycast DNS servers on the internet, TCP is no longer an
>     > option for DNS.
> 
> Bzzzt.  Try again.


                        /--[cabernet]--[merlot]--[riesling]--[server 1]
[end-host] ----- [shiraz]                 |
                        \--[sangria]--[chardonnay]--[bordeaux]--[server 2]

Imagine a TCP session between end-host and server 1. The path is
asymmetric: traffic from end-host to server 1 flows as

shiraz->cabernet->merlot->riesling->server 1

traffic from server 1 to end-host flows as

riesling->merlot->chardonnay->sangria->shiraz->end-host

end-host does a dns request, and server 1 answers.

There are now 2 things which can theoretically break:

1. route change
Suppose merlot loses adjacency with riesling. It will then send the
tcp-packets from end-host to server 2, which has no knowledge of the
session and returns a RST.

2. mtu problems
Suppose server 1 returns a packet with a size of X bytes. Suppose
Chardonnay has an mtu of X-1 to Sangria. Chardonnay will then send a
packet-too-large to the server 1. But what if Chardonnay has a better
route via Bordeaux instead of via Merlot? The icmp packet will not
arrive at server 1 and the request will time out.

Yes, this is theoretical. Yes, the request will definitely be
retransmitted. But it can break, so imho anycast dns using tcp is not a
wise thing to do.

-- 
Sabri Berisha,
Juniper Certified - JNCIA #747	| Cisco Certified - CCNA
email: [email protected]	| cell: +31 6 19890416
http://www.cluecentral.net/	| http://www.virt-ix.net/
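
The two failure cases described in the message above, modelled as a small hop-by-hop forwarding simulation (an added example, not part of the original post). The anycast label, the per-router next hops, the 1500-byte default MTU and the assumption that merlot fails over to chardonnay are constructed from the diagram and the paths the message describes.

```python
# Added illustration: names, tables and sizes are constructed from the diagram.
ANYCAST = "anycast-dns"  # hypothetical label for the address both servers announce
SERVERS = {"server 1", "server 2"}

# Next hop per node, keyed by destination (assumed from the described paths).
FIB = {
    "end-host":   {ANYCAST: "shiraz"},
    "shiraz":     {ANYCAST: "cabernet", "end-host": "end-host"},
    "cabernet":   {ANYCAST: "merlot"},
    "merlot":     {ANYCAST: "riesling", "end-host": "chardonnay"},
    "riesling":   {ANYCAST: "server 1", "end-host": "merlot"},
    "sangria":    {ANYCAST: "chardonnay", "end-host": "shiraz"},
    "chardonnay": {ANYCAST: "bordeaux", "end-host": "sangria"},
    "bordeaux":   {ANYCAST: "server 2", "end-host": "chardonnay"},
    "server 1":   {"end-host": "riesling"},
    "server 2":   {"end-host": "bordeaux"},
}

def forward(fib, src, dst, size=64, mtu=None):
    """Forward hop by hop; return (last node reached, path, delivered?)."""
    node, path = src, [src]
    while not (node == dst or (dst == ANYCAST and node in SERVERS)):
        nxt = fib[node][dst]
        if size > (mtu or {}).get((node, nxt), 1500):
            return node, path, False      # this hop must signal packet-too-large
        node = nxt
        path.append(node)
    return node, path, True

def route_change():
    """Case 1: merlot loses its adjacency with riesling mid-session."""
    state = {s: set() for s in SERVERS}
    first, _, _ = forward(FIB, "end-host", ANYCAST)
    state[first].add("end-host")          # handshake creates TCP state here only
    fib = {**FIB, "merlot": {**FIB["merlot"], ANYCAST: "chardonnay"}}
    second, path, _ = forward(fib, "end-host", ANYCAST)
    return first, second, "ACK" if "end-host" in state[second] else "RST", path

def pmtud_blackhole(x=1400):
    """Case 2: chardonnay->sangria has an MTU of X-1 and the reply is X bytes."""
    mtu = {("chardonnay", "sangria"): x - 1}
    stuck_at, _, delivered = forward(FIB, "server 1", "end-host", size=x, mtu=mtu)
    # The ICMP error goes to the packet's source address, which is the anycast
    # address, so it follows chardonnay's own best route to that address.
    icmp_lands_on, _, _ = forward(FIB, stuck_at, ANYCAST)
    return stuck_at, delivered, icmp_lands_on

if __name__ == "__main__":
    print(route_change(), pmtud_blackhole())
```
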