On Wed, 30 Mar 2005, jing shen wrote:

> Maybe I did not explain my situation clearly in my previous message.
>
> In fact, what I'm facing is setting up a public DNS service system
> which consists of cache servers ONLY. We do have authoritative servers, but
> those servers only serve a few domain names.

Hence, adding additional authoritative servers does not help, nor does adding
extra servers to your customers' resolv.confs or equivalent.

> Each of the four DNS cache servers we are using has a unique IP address,
> which is known to our customers (some of them designate a DNS server,
> some of them use the DNS server distributed by BRAS). The reasons which
> make me think anycast may be of some help are:

In your situation, you want to shy away from using the unqualified term
'anycast' on this list. As is somewhat obvious, certain people on this list
have kneejerk reactions to the term. Using 'load balancing', 'load
distribution' and 'server redundancy' is better.

Ideally, your customers are all configured with the same IP address as their
first resolver. This IP address is announced by multiple machines in your
local infrastructure to your routers via your preferred IGP (I like OSPF
myself). Assuming that you have a good IGP mesh between all of your routers,
then when one machine goes down and withdraws the route for the specific IP
address to its local router, that router will forward requests for that IP
address to another router which has a connected machine.

> 1) it could be used to set up a distributed server system which may
> improve availability;

Yes.

> 2) it could be used to balance load on servers in one site while we do
> not need to pay for a dedicated load balancer (which may be another point
> of failure);

You'll be using your routers as load balancers. If you run into issues, look
into memory usage on the routers first.

> 3) It could help to improve the security level because we
> could hide the whole system from DDoS attackers.

Security through obscurity may make you sleep better at night, but do not rely
upon this.

> 4) It could maintain a unique user interface; customers could
> keep the original resolver settings while enjoying better service (they
> do not need to re-configure their computers).

This is a big plus, although I think you mean 'consistent user interface'.
Maintaining separate settings per customer is a support nightmare.

> 5) It may ease system administration because we could
> take any server offline for maintenance at any time.

This is also a big plus.

> I'm not sure whether the analysis above is correct, and, as you pointed
> out, anycast does have some problems with TCP based services. Although we
> only need to provide a caching service, we have to open TCP/53 for
> incoming requests because we are not sure whether our customers'
> computers use UDP for domain resolution ONLY.

Most routers, when used as load balancers in this situation, will perform
per-flow load balancing, not per-packet (at least this is the case with Cisco
and Juniper). _Short_ TCP sessions will flow to the same machine as chosen
originally, resulting in no breakage. Longer TCP sessions, in the order of
minutes, may have issues. As mentioned previously, don't expect large zone
AXFRs to work consistently if requested from a distributed IP address.

--==--
Bruce.
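As an added illustration of the per-flow versus per-packet behaviour and the route-withdrawal case discussed in the reply above (example code, not from the thread or any router vendor): a small Python model of ECMP next-hop selection for a shared resolver address. The 192.0.2.53 service address, the server names and the client flows are constructed; modelling the router as "hash the 5-tuple mod number of paths" is an assumption, since real routers hash differently, but it shares the sticky-per-flow property the reply relies on.

```python
import hashlib

# Constructed scenario: four cache servers all announce 192.0.2.53 into the
# IGP, so the router sees four equal-cost paths for that one address.
SERVICE_IP = "192.0.2.53"
SERVERS = ["cache1", "cache2", "cache3", "cache4"]

def per_flow_next_hop(flow, paths):
    """Per-flow ECMP: hash the 5-tuple, pick one path. Modelled here as a
    stable hash mod N (an assumption); the point is that one flow always
    lands on the same server while the path set is unchanged."""
    digest = hashlib.sha256(repr(flow).encode()).digest()
    return paths[int.from_bytes(digest[:4], "big") % len(paths)]

def per_packet_next_hop(packet_no, paths):
    """Per-packet round robin: the chosen server changes with every packet,
    so a TCP session would be split across cache servers."""
    return paths[packet_no % len(paths)]

def session_servers(flow, packets, paths, per_flow=True):
    """Set of servers that see the packets of one TCP session."""
    if per_flow:
        return {per_flow_next_hop(flow, paths) for _ in range(packets)}
    return {per_packet_next_hop(i, paths) for i in range(packets)}

def moved_flows(flows, paths, withdrawn):
    """Flows whose next hop changes when `withdrawn` stops announcing the
    route. With hash mod N this also moves flows that were never on the
    withdrawn server, so a long TCP session (a zone transfer, say) to the
    shared address can break even when its own server stays up."""
    remaining = [p for p in paths if p != withdrawn]
    result = {}
    for f in flows:
        before, after = per_flow_next_hop(f, paths), per_flow_next_hop(f, remaining)
        if before != after:
            result[f] = (before, after)
    return result

# Constructed client flows: (src ip, src port, dst ip, dst port, proto).
FLOWS = [("198.51.100.%d" % h, 1024 + h, SERVICE_IP, 53, "tcp") for h in range(1, 41)]

if __name__ == "__main__":
    tcp = FLOWS[0]
    print("per-flow, 20-packet TCP session:", session_servers(tcp, 20, SERVERS))
    print("per-packet, same session:       ", session_servers(tcp, 20, SERVERS, per_flow=False))
    moved = moved_flows(FLOWS, SERVERS, "cache3")
    print("flows moved when cache3 withdraws: %d of %d" % (len(moved), len(FLOWS)))
```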
