On Mon, 28 Mar 2005, David Conrad wrote:

> Dean,
>
> On Mar 27, 2005, at 1:49 PM, Dean Anderson wrote:
>
>> Anycast DNS is inadvisable. DNS is specified to work on TCP, and
>> Anycast is unsuitable for TCP.
>
> Can you provide your empirical data that demonstrates using shared
> unicast is unsuitable for DNS over TCP?
The anycast RFC notes that TCP protocols aren't suitable for anycast. ISC
started promoting the idea that TCP could also be anycast.

PPLB on BGP was tested by [EMAIL PROTECTED]. He reports it works: packets are
sent over each link on a per-packet basis. I have to find who confirmed it
worked on OSPF links. (That might actually be Cisco.)

Once you know that (TCP) packets will take different paths on a per-packet
basis, then it's a simple matter to show that different anycast versions of
the same root server may be reached by different paths. I have a drawing
that I used to discuss the issue with Iljitsch van Beijnum and others on the
dnsop and ietf lists. (Forwarded to dnsop just now.)

>> Joe Shen has no compelling need of anycast DNS. It is a bad operational
>> decision to deploy it.
>
> Since you indicate you know Joe Shen's needs, can you describe why he
> has no compelling need for anycast DNS or why it would be a bad
> decision to deploy it?

He can add more nameservers to his list of authoritative servers. Root
servers, by contrast, could no longer add authoritative servers since 13 is
the maximum. Another method was needed to continue to expand the number of
root servers. (I think there were other alternatives for root servers;
however, the root operators had some justification, whereas Shen has none.)

> In my experience, shared unicast DNS provides quite a few benefits,
> particularly in the context of ISPs or services that need to be highly
> available, at the cost of some additional routing configuration
> complexity.

Anycast servers offer no benefits for high availability which aren't offered
by simple failover. Remember that anycast has two different paths to the
same IP address, frequently in different physical locations, whereas simple
failover has a single path to the same Ethernet, where there are two servers
which can take over the same IP address.

If an anycast server fails, it won't respond to packets using that path,
forcing a lookup against a different server. Certainly some improved
availability can be obtained with ordinary failover methods where there are
not multiple paths. I don't object to that. But that isn't anycast. Simple
failover is when two servers share the same LAN, and one server can take
over the IP address of the other if it fails. Simple failover is
distinguished from anycast. Of course, if the path fails, then both servers
are unavailable.

Given Joe's situation, he should use either simple failover (and a single
path), or he should add additional authoritative servers (he has only two)
with different IP addresses and possibly different paths.

> There are, of course, situations in which the costs of
> shared unicast DNS outweigh the benefits, but I've found those
> situations to be rare in larger networks.

--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000

dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
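The scenario the message above describes, per-packet load balancing delivering consecutive packets of one TCP connection to different anycast instances that share no connection state, modelled as a small simulation. This is an added illustration, not code from the thread or from anyone quoted in it; the addresses, the instance names, the round-robin "router" and the two-segment TCP/DNS state machine are assumptions constructed for the example. For contrast it also sends a single-datagram UDP query through the same router, which needs no connection state on the instance that receives it.

```python
"""Toy model of DNS over TCP reaching an anycast address (added illustration).

Two anycast instances announce the same address.  Each keeps its own TCP
connection table and shares nothing with the other.  A router forwards each
packet either per-flow (every packet of a 4-tuple to the same instance) or
per-packet (round-robin over the two paths).  Everything here is constructed
for the example, not taken from the dnsop thread.
"""
import zlib
from dataclasses import dataclass, field
from itertools import cycle

ANYCAST_IP = "192.0.2.53"   # documentation address (constructed)
CLIENT_IP = "198.51.100.7"  # documentation address (constructed)
DNS_PORT = 53


@dataclass
class Segment:
    src: str
    sport: int
    flags: frozenset          # e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}, {"RST"}
    payload: bytes = b""


@dataclass
class AnycastInstance:
    name: str
    conns: dict = field(default_factory=dict)   # (src, sport) -> TCP state

    def tcp(self, seg: Segment) -> Segment:
        key = (seg.src, seg.sport)
        state = self.conns.get(key)
        if seg.flags == {"SYN"}:
            # New connection: record it locally and answer SYN/ACK.
            self.conns[key] = "SYN_RECEIVED"
            return Segment(ANYCAST_IP, DNS_PORT, frozenset({"SYN", "ACK"}))
        if state is None:
            # No connection for this 4-tuple on *this* instance: reset it.
            return Segment(ANYCAST_IP, DNS_PORT, frozenset({"RST"}))
        # Connection known here: complete it and serve the query.
        self.conns[key] = "ESTABLISHED"
        return Segment(ANYCAST_IP, DNS_PORT, frozenset({"ACK"}),
                       b"RESPONSE:" + seg.payload)

    def udp(self, query: bytes) -> bytes:
        # A UDP query carries no connection state, so any instance can answer.
        return b"RESPONSE:" + query


class Router:
    def __init__(self, instances, mode: str):
        assert mode in ("per-flow", "per-packet")
        self.instances = list(instances)
        self.mode = mode
        self._rr = cycle(self.instances)

    def pick(self, seg: Segment) -> AnycastInstance:
        if self.mode == "per-flow":
            # Hash the 4-tuple so every packet of a connection takes one path.
            h = zlib.crc32(f"{seg.src}:{seg.sport}:{ANYCAST_IP}:{DNS_PORT}".encode())
            return self.instances[h % len(self.instances)]
        return next(self._rr)   # per-packet: alternate paths on every packet


def run_tcp_query(router: Router, sport: int = 40000,
                  query: bytes = b"example.com/A") -> dict:
    """Client side: SYN, then ACK carrying the query. Returns outcome + trace."""
    trace = []
    syn = Segment(CLIENT_IP, sport, frozenset({"SYN"}))
    inst = router.pick(syn)
    reply = inst.tcp(syn)
    trace.append((inst.name, "SYN", sorted(reply.flags)))
    if reply.flags != {"SYN", "ACK"}:
        return {"ok": False, "trace": trace}
    ack = Segment(CLIENT_IP, sport, frozenset({"ACK"}), query)
    inst = router.pick(ack)
    reply = inst.tcp(ack)
    trace.append((inst.name, "ACK+query", sorted(reply.flags)))
    ok = "RST" not in reply.flags and reply.payload == b"RESPONSE:" + query
    return {"ok": ok, "trace": trace}


def run_udp_query(router: Router, query: bytes = b"example.com/A") -> bytes:
    datagram = Segment(CLIENT_IP, 40001, frozenset(), query)
    return router.pick(datagram).udp(query)


def compare() -> dict:
    """Run the same TCP and UDP queries under both forwarding modes."""
    results = {}
    for mode in ("per-flow", "per-packet"):
        router = Router([AnycastInstance("site-A"), AnycastInstance("site-B")], mode)
        results[mode] = {"tcp": run_tcp_query(router), "udp": run_udp_query(router)}
    return results


if __name__ == "__main__":
    for mode, r in compare().items():
        status = "TCP ok" if r["tcp"]["ok"] else "TCP broken"
        print(f"{mode:10s} {status:11s} {r['tcp']['trace']}  UDP -> {r['udp']!r}")
```

Under per-flow forwarding both segments reach the same instance and the query is answered; under per-packet forwarding the SYN lands on one instance and the ACK carrying the query on the other, which has no record of the connection and answers with RST. The UDP query is answered in both modes because the instance needs nothing beyond the datagram itself.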
