On Fri, Aug 05, 2005 at 04:10:46AM -0700, Bill Woodcock wrote:
> On Fri, 5 Aug 2005, Sabri Berisha wrote:
> > With the use of anycast DNS servers on the internet, TCP is no longer an
> > option for DNS.
>
> Bzzzt. Try again.
                   /--[cabernet]--[merlot]--[riesling]--[server 1]
  [end-host] ----- [shiraz]
                   \--[sangria]--[chardonnay]--[bordeaux]--[server 2]

Imagine a TCP session between end-host and server 1. The path is asymmetric:

  traffic from end-host to server 1 flows as
    shiraz -> cabernet -> merlot -> riesling -> server 1
  traffic from server 1 to end-host flows as
    riesling -> merlot -> chardonnay -> sangria -> shiraz -> end-host

end-host does a DNS request, and server 1 answers. There are now 2 things which can theoretically break:

1. route change

Suppose merlot loses adjacency with riesling. It will then send the TCP packets from end-host to server 2, which has no knowledge of the session and will return a RST.

2. MTU problems

Suppose server 1 returns a packet with a size of X bytes. Suppose Chardonnay has an MTU of X-1 to Sangria. Chardonnay will then send a packet-too-large to server 1. But what if Chardonnay has a better route via Bordeaux instead of via Merlot? The ICMP packet will not arrive at server 1 and the request will time out.

Yes, this is theoretical. Yes, the request will definitely be retransmitted. But it can break, so IMHO anycast DNS using TCP is not a wise thing to do.

-- 
Sabri Berisha, Juniper Certified - JNCIA #747 | Cisco Certified - CCNA
email: sabri@cluecentral.net | cell: +31 6 19890416
http://www.cluecentral.net/ | http://www.virt-ix.net/