On Mon, 25 Apr 2005, Stephen J. Wilcox wrote:
> So agreeing for a second with Dean that indeed this behaviour would appear to be prohibited or at least inconsistent with the RFCs, the fact is anycast is widely deployed and is proven to be stable.
"vixie-cast" is deployed on around 60 or so root DNS servers (I don't know the exact number). That covers a wide spread of root DNS servers, but I wouldn't call that 'widely deployed'. I haven't been able to find any users of HTTP anycast/'vixie-cast' that Patrick Gilmore referred to. There are also very few TCP DNS queries to the roots, so it isn't widely used at present, and hasn't been widely used in the past. I don't think it can be claimed that "vixie-cast" has been proven to be stable. ISC's assertions of stability at a 2002 Nanog are what probably brought it to Dr. Bernstein's attention. Those assertions of stability are what's being challenged. You cannot assume them true.
> Perhaps a solution to this is to look at what would be the best consistent view and to write an RFC to clarify this and obsolete the old ones that produce the inconsistency. I'm not sure what that would look like but that would appear to be a way to eliminate the theoretical problem.
Another solution is to urge OS vendors to implement RFC 1546 TCP anycast. In order to use RFC 1546 TCP anycast, it is necessary to implement changes in all clients that might access TCP anycast servers (as well as in the servers). This would probably require a long time frame, but it is still good to encourage. It might be easier to require this for IPv6---though I don't know that it isn't already required for IPv6.

Another solution is not to do Vixie-cast. This may require clarification to DNS RFCs to specify that TCP queries will not be made to root DNS servers. It was previously thought that DNSSEC would require TCP, but this isn't the case in the latest round of RFC drafts. I can't think of anything else in the pipe that might require TCP DNS queries to root servers. Non-root servers usually don't need to do anycast, and aren't required to do TCP. So one could do anycast without TCP, if one wanted. But one ought to know that anycast'ing DNS precludes TCP DNS.

The "vixie-cast" HTTP doesn't *seem* to be widely in use, and there are numerous other solutions for HTTP. So simply recommending a halt to that would seem to be low-impact.

--Dean

--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net    faster, more reliable, better service
617 344 9000
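A toy simulation of the failure mode argued over in this thread (an added example, not code from the thread, from ISC, or from any real TCP stack): connection state lives on one anycast instance only, so when routing for the anycast prefix shifts mid-connection, later segments reach an instance with no state and get a reset; continuing on the responder's unicast address after the first reply, which is the gist of what RFC 1546 sketches for TCP, survives the same route change. All addresses are constructed documentation-range values and the "stacks" are deliberately minimal.

```python
ANYCAST = "198.51.100.53"  # constructed anycast address announced by both instances


class Instance:
    """One anycast server instance; TCP state lives only here, never shared."""

    def __init__(self, unicast):
        self.unicast = unicast
        self.established = set()  # client endpoints with a live connection

    def receive(self, client, segment):
        if segment == "SYN":
            self.established.add(client)
            return ("SYN-ACK", self.unicast)  # reply reveals this instance's own address
        if client in self.established:
            return ("ACK", self.unicast)
        return ("RST", self.unicast)  # no state for this endpoint: a real stack resets


class Network:
    """Routes the anycast prefix to whichever instance is currently 'nearest'."""

    def __init__(self, instances):
        self.by_unicast = {i.unicast: i for i in instances}
        self.anycast_route = instances[0].unicast

    def deliver(self, dst, client, segment):
        target = self.anycast_route if dst == ANYCAST else dst
        return self.by_unicast[target].receive(client, segment)


def run_session(stick_to_anycast, route_changes):
    """SYN to the anycast address, optional route change, then a data segment.

    Returns the flags of the reply to the data segment.
    """
    net = Network([Instance("192.0.2.1"), Instance("192.0.2.2")])
    client = ("203.0.113.9", 40001)  # constructed client endpoint
    flags, responder = net.deliver(ANYCAST, client, "SYN")
    assert flags == "SYN-ACK"
    # "vixie-cast": keep talking to the anycast address; RFC 1546 style:
    # continue on the unicast address learned from the first reply.
    dst = ANYCAST if stick_to_anycast else responder
    if route_changes:
        net.anycast_route = "192.0.2.2"  # e.g. BGP reconverges toward another site
    flags, _ = net.deliver(dst, client, "DATA")
    return flags


if __name__ == "__main__":
    print("vixie-cast, stable route     :", run_session(True, False))   # ACK
    print("vixie-cast, route change     :", run_session(True, True))    # RST
    print("RFC 1546 style, route change :", run_session(False, True))   # ACK
```

The model ignores the real-world mitigation of short-lived connections and stable routing; it only shows why a route change during a connection is fatal to plain anycast TCP and harmless once the client has moved to the instance's unicast address.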