iljitsch@muada.com (Iljitsch van Beijnum) writes:
On 5-aug-2005, at 15:55, Joe Abley wrote:
It is of course possible to construct networks through which TCP behaves very poorly with anycasted services. This does not mean that TCP is fundamentally incompatible with anycast.
It does mean that if people want to anycast services that run over TCP (even just a small part of the time, such as DNS) they should make sure this works well.
it's working fine for 30+ instances of F-root.
A good start is using different AS numbers for the anycast instances so (Cisco) routers won't load balance over the different paths.
we have not encountered a problem like this, even though all F-root anycast instances use a consistent origin-AS. my belief, previously explained here, is that anyone who turns on multipath-EGP (rather than multipath-IGP) is going to have a boatload of other problems before they ever get around to noticing whether TCP is working toward anycasted servers. (OSPF ECMP is, i believe, on-by-default; multipath-BGP is, i am sure, off-by-default.)
But all of this is irrelevant to the discussion at hand, unless I missed something big and DNS over TCP has now been deprecated. If that's the case, the appropriate action is to disable TCP queries in the software, not to avoid TCP queries by keeping response sizes small.
agreed. (that TCP isn't a problem.)
But my original point was that you won't go over the non-EDNS0 limit for normal queries with less than a dozen AAAA records anyway.
disagreed. (because DNSSEC is coming.)

-- Paul Vixie