On Thu, 18 May 2006, Dean Anderson wrote:
> First, I would strongly recommend _against_ using DNS Anycast, since anycast does not work for stateful DNS, which is required for DNSSEC. Second, there are many problems involved in DNS Anycast management and problem tracking.
I agree with the second - it certainly does make debugging harder. I also agree that the method I mentioned is not foolproof. But your first statement is probably false.

We did a broad survey about 1.5 yrs ago and found that the average time between switches was 14.4 minutes, but the median AS saw root switches every 3 hours on average (http://www.nanog.org/mtg-0505/boothe.html). Some ASs had severe extant routing problems, and dragged the mean a long ways away from the median.

Because stateful DNS queries are really short lived, let's assume a flow of ~10 seconds duration. 14 minutes is 60 * 14 seconds, and the chance that our flow to that given root is going to overlap is 10/(60*14), or about 1.2%. Which isn't great, but isn't too bad.

If we look at the median AS, however, then things look a lot better. Switching every 3 hours reduces that unreliability by a factor of 3*60/14 =~ 12.9, which means that anycast reduces DNS reliability by just less than 0.1% for a given root. Given that the difference in reliability (according to DNSmon) between anycasted and non-anycasted roots is 1% in anycast's favor (http://www.nanog.org/mtg-0505/karrenberg.html), then for the majority of ASs, anycast is a net win in reliability even for stateful DNS, as long as the flows are short-lived.

Counter-intuitive, I agree. But it seems to be true for the existing DNS anycast deployment on the internet (or at least was true in late 2004).

-Peter

--
Peter Boothe
PhD Student
Computer Science
University of Oregon
http://www.cs.uoregon.edu/~peter

"Young man, you think you're very smart, but it's turtles all the way down!"
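A worked version of the back-of-envelope estimate in the reply above, added here as an example and not part of the original thread. It takes the thread's figures as inputs (14-minute mean and 3-hour median switch interval, 10-second flows, 1% DNSmon advantage) and goes slightly beyond the thread by adding a Poisson-arrival refinement of the d/T estimate and the breakeven flow length at which anycast stops being a net win; the function names are my own.

```python
import math

# Figures as quoted in the thread (NANOG 2005 survey and DNSmon); treated here as inputs.
MEAN_SWITCH_INTERVAL_S = 14 * 60      # the reply rounds the 14.4-minute mean to 14 minutes
MEDIAN_SWITCH_INTERVAL_S = 3 * 3600   # median AS: a root switch about every 3 hours
FLOW_DURATION_S = 10                  # assumed length of a stateful DNS exchange
ANYCAST_ADVANTAGE = 0.01              # DNSmon: anycasted roots ~1% more reliable


def overlap_probability(flow_s: float, interval_s: float) -> float:
    """Chance that a flow of length flow_s straddles a route switch when
    switches come every interval_s seconds (the d/T estimate from the
    reply; capped at 1.0 so very long flows do not exceed certainty)."""
    return min(1.0, flow_s / interval_s)


def poisson_overlap_probability(flow_s: float, interval_s: float) -> float:
    """Same question with switches modelled as a Poisson process of mean
    spacing interval_s: P(at least one switch in flow_s) = 1 - exp(-d/T).
    This is always slightly below d/T, so the linear estimate is conservative."""
    return 1.0 - math.exp(-flow_s / interval_s)


def net_reliability_delta(flow_s: float, interval_s: float,
                          advantage: float = ANYCAST_ADVANTAGE) -> float:
    """Measured anycast advantage minus the fraction of stateful flows lost
    to a mid-flow switch. Positive means anycast is still a net win."""
    return advantage - overlap_probability(flow_s, interval_s)


def breakeven_flow_seconds(interval_s: float,
                           advantage: float = ANYCAST_ADVANTAGE) -> float:
    """Longest flow for which the d/T loss does not exceed the advantage."""
    return advantage * interval_s


if __name__ == "__main__":
    for label, interval in (("mean AS", MEAN_SWITCH_INTERVAL_S),
                            ("median AS", MEDIAN_SWITCH_INTERVAL_S)):
        linear = overlap_probability(FLOW_DURATION_S, interval)
        poisson = poisson_overlap_probability(FLOW_DURATION_S, interval)
        net = net_reliability_delta(FLOW_DURATION_S, interval)
        print(f"{label}: overlap {linear:.4%} (Poisson {poisson:.4%}), "
              f"net {net:+.4%}, breakeven flow {breakeven_flow_seconds(interval):.0f}s")
```

Running it shows the mean AS slightly in the red (about 1.2% loss against a 1% gain) while the median AS is a net win, which is the distinction the reply draws between mean and median.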