On Mon, Jan 21, 2002 at 05:08:21PM +0000, E.B. Dreger wrote:
> Date: Mon, 21 Jan 2002 10:07:32 -0500
> From: James Smith <jsmith@PRESIDIO.com>
>
> > Get ready for more DoS-like behavior as systems get deployed that have 10 second TTLs in the DNS. These systems are used to provide multi-ISP redundancy by pinging each upstream's router, and when a ping fails, start giving out a DNS response using the other ISP's IP range. Same FQDN, new IP.
>
> Ughh. Constant pinging == RFC violation (I forget number). Short TTL = bad idea, stretching DNS beyond what it's meant to do. [Not intended as flamebait, but I know that not everyone will agree with this statement.]
Yup. But there is a business drive. When technology and business conflict... you WILL find out who writes your paycheck.
> > This of course is driven by the desire for redundancy in small businesses who make the Internet an integral part of their business plan. Either they can't get PI space and don't have
>
> PI space isn't that big of a deal for most small businesses. For service providers, yes. For other organizations that have at most half a dozen Internet-facing servers that might be renumbered every year or two, it is less of an issue.
*choke* You've never actually worked for a small business that had some basic need for serious uptime (5 9s minimum) and serious security have you? Sure, they might need only a /26 for their entire network - but that network can easily be handling a few million dollars of value every hour, 24/7/365. Yes, I've had to lay this out. It was for a financial company which had to comply with banking requirements. PI space is not a valid answer for a small business. For a medium-sized business (especially if they can buy out an old company and the swamp /24 that comes with it), yes, but not a small one. (The answer, BTW, was to use 4 separate colocation providers, and clients which could handle SRV records, because we controlled it end-to-end. If we hadn't controlled both clients and servers, we would have been totally hosed - and the SRV TTLs were still only 5 minutes long.)
> > (or don't want to spend) the $$$ to do BGP, or are unable to
>
> ???
>
> BGP isn't that expensive.
BGP isn't expensive. Buying swamp space so you can DO it reasonably is.
> > convince their upstream to cut a hole in their CIDR block and
>
> Find a clueful or cooperative upstream...
>
> > allow a 2nd party to announce that chunk (which for some is as small as /28).
>
> This _is_ a problem.
s/a problem/nigh-impossible/

Ever looked at the number of blocks now marked Non-Portable? Most providers I talked to in the above endeavor wouldn't allow slice-n-dice out of any of those blocks.

[ snip ]

BTW, setting minimum TTLs, while a valid *business* response, isn't a valid technical one. After all, if they said TTL 5, they had a reason for it. The fact that your *business* considers this excessive is a counter to their *business* need for having short TTLs. After all, if it were solely reasons based on technical merit... DNS resolvers scale well, as does bandwidth.

-- 
***************************************************************************
Joel Baker                           System Administrator - lightbearer.com
lucifer@lightbearer.com              http://users.lightbearer.com/lucifer/
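As an added illustration (not from any of the thread's posters), the following toy model puts numbers on two points argued above: how long a caching resolver keeps handing out the dead ISP's address after the ping-driven failover described by James Smith flips the zone, and what a resolver-side minimum-TTL clamp (the "setting minimum TTLs" response Joel objects to) does to that window. The hostname, addresses (RFC 5737 documentation ranges), health-check timing and TTL values are all constructed for the example; nothing here is a real resolver or DNS server implementation.

```python
from dataclasses import dataclass


@dataclass
class Answer:
    """One A-record style answer: name, address and the TTL the authority sets."""
    name: str
    ip: str
    ttl: int


class FailoverAuthority:
    """Toy authoritative server for a multi-ISP host.

    Mirrors the scheme in the thread: a health check (stand-in for the
    upstream-router ping) decides which ISP's address is returned for the
    same FQDN.  The TTL is whatever the operator chose, e.g. 10 seconds.
    """

    def __init__(self, name: str, primary_ip: str, backup_ip: str, ttl: int):
        self.name = name
        self.primary_ip = primary_ip
        self.backup_ip = backup_ip
        self.ttl = ttl
        self.primary_up = True  # constructed initial state: primary ISP healthy

    def health_check(self, primary_up: bool) -> None:
        """Result of the periodic ping of the primary upstream router."""
        self.primary_up = primary_up

    def query(self, name: str) -> Answer:
        ip = self.primary_ip if self.primary_up else self.backup_ip
        return Answer(name, ip, self.ttl)


class CachingResolver:
    """Toy recursive resolver with a positive cache.

    min_ttl models the resolver-side clamp some operators configure to cut
    query volume: an answer is cached for max(authority TTL, min_ttl).
    """

    def __init__(self, authority: FailoverAuthority, min_ttl: int = 0):
        self.authority = authority
        self.min_ttl = min_ttl
        self.cache: dict[str, tuple[str, int]] = {}  # name -> (ip, expiry time)

    def resolve(self, name: str, now: int) -> str:
        cached = self.cache.get(name)
        if cached is not None and cached[1] > now:
            return cached[0]  # still fresh according to the *resolver's* TTL
        answer = self.authority.query(name)
        effective_ttl = max(answer.ttl, self.min_ttl)
        self.cache[name] = (answer.ip, now + effective_ttl)
        return answer.ip


def stale_seconds(ttl: int, min_ttl: int, fail_at: int) -> int:
    """Seconds after the primary ISP dies during which this resolver still
    hands out the primary's address.  A client resolves the name once every
    second starting at t=0; the primary fails at t=fail_at, before that
    second's query.  The simulation runs until the cache must have expired.
    """
    auth = FailoverAuthority("www.example.net", "192.0.2.10", "198.51.100.10", ttl)
    resolver = CachingResolver(auth, min_ttl)
    horizon = fail_at + max(ttl, min_ttl) + 1
    stale = 0
    for now in range(horizon):
        if now == fail_at:
            auth.health_check(primary_up=False)  # the ping to the primary router fails
        ip = resolver.resolve("www.example.net", now)
        if now >= fail_at and ip == auth.primary_ip:
            stale += 1
    return stale


def worst_case_stale(ttl: int, min_ttl: int) -> int:
    """Upper bound on the stale window: a cache filled just before the failure
    lives for the full effective TTL regardless of what the authority intended."""
    return max(ttl, min_ttl)


if __name__ == "__main__":
    # 10 s TTL honoured by the resolver: clients see the backup ISP within seconds.
    print("TTL 10, no clamp:   ", stale_seconds(ttl=10, min_ttl=0, fail_at=3), "s stale")
    # Same zone, but the resolver clamps TTLs up to 300 s: failover is defeated.
    print("TTL 10, clamp 300:  ", stale_seconds(ttl=10, min_ttl=300, fail_at=3), "s stale")
    print("worst case, clamp 300:", worst_case_stale(10, 300), "s")
```

The model deliberately ignores negative caching, resolver prefetching and the cost of the second-by-second pinging, so it understates the load side of the argument and only shows the timing side: with the authority's 10-second TTL honoured, the dead address is served for at most 10 seconds; with a 300-second resolver clamp the same zone serves it for up to 5 minutes, which is exactly why a resolver-side minimum TTL counters the operator's business need rather than answering it technically.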