This was Vixie's last post on the subject of Anycast on DNSOP. NB: Patrick Gilmore and Chris Morrow, note that Vixie agrees that HTTP anycast is a bad idea. Note the nonsense about anycast being "completely coherent". Note also that Vixie continues to ignore per-packet load balancing issues and focuses on route-change times instead.

---------- Forwarded message ----------
Date: 29 Mar 2005 22:46:27 +0000
From: Paul Vixie <vixie@vix.com>
To: dnsop@lists.uoregon.edu
Subject: Re: [dnsop] DNS Anycast revisited

david.conrad@nominum.com (David Conrad) writes:
> In my experience, shared unicast DNS provides quite a few benefits,
> particularly in the context of ISPs or services that need to be highly
> available, at the cost of some additional routing configuration complexity.
> There are, of course, situations in which the costs of shared unicast DNS
> outweigh the benefits, but I've found those situations to be rare in larger
> networks.
i figure this is as good a time to mention this as any. david conrad was the first voice for wide scale ipv4 anycast of root name servers, and when f-root started deploying this (in the months before the october 2002 ddos) it was because david and i had been sharing an office and talking about it. ("and it makes for great security/resiliency slideware.")

for the record, i remain convinced that unowned anycast (where the prefix being advertised isn't solely controlled by a single entity worldwide) is dangerous and should not be done except in cases like AS112 (www.as112.net). ("but it makes for great socialist-internet slideware.")

while i'm on the subject, i also remain convinced that using anycast to do distributed load balancing for applications like WWW, on the assumption that the path you heard a dns query on is instructive as to what content would be best to answer with, is silly, and will more often do harm or do nothing than do good. (and i've told akamai and speedera this many times.) ("but it makes for great marketing slideware.")

lest anyone be confused, ultradns's anycast for .ORG is completely coherent and doesn't admit the possibility of giving out different responses from different anycast nodes for policy reasons or any other reason, and so it's an example of "good" anycast the way i count such things.

finally, a word about tcp. even the most pessimistic route-change measurements (from verisign and IIJ) wouldn't affect tcp performance for transactions as short-lived as occur with dns queries. but that's not a justification for switching to tcp. if we believe that EDNS0's buffer size management isn't good enough, then we can bring back the MD bit from an old EDNS1 proposal. but we won't be holding full tcp session state in dns servers. nope nope nope.

--
Paul Vixie
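The two failure modes argued over in this thread, the forwarder's per-packet load balancing and Vixie's route changes, are both about where the packets of one transaction end up. The toy simulation below is an added example written for this page; it is not code from the dnsop list, from Vixie, or from any DNS operator. It models two servers announcing one anycast prefix, each with its own TCP state and nothing shared between them, behind a router that either spreads packets round-robin (per-packet) or hashes the 5-tuple (per-flow). The addresses (TEST-NET ranges), node names, the reduced TCP state machine, and the use of CRC32 as a stand-in for a real ECMP hash are all assumptions for illustration. A one-packet UDP query is answered whichever node gets it; a TCP query fails whenever its handshake and data segments are split across nodes, which per-packet balancing does on every connection and a route change does only for connections that straddle it.

```python
"""Added example (not from the dnsop thread): per-flow vs per-packet load
balancing toward two anycast nodes, and a route change mid-connection.
Addresses, node names and the reduced TCP handshake are assumptions."""
from dataclasses import dataclass
import zlib

ANYCAST_IP = "192.0.2.53"   # assumed: the prefix both nodes announce (TEST-NET-1)
CLIENT_IP = "198.51.100.7"  # assumed client address (TEST-NET-2)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "udp" or "tcp"
    sport: int
    dport: int
    flags: str = ""     # "SYN", "SYN-ACK", "ACK", "RST"; "" for a data segment
    payload: str = ""


class AnycastNode:
    """One server announcing ANYCAST_IP.  Its TCP state lives only here; the
    other node announcing the same prefix knows nothing about it."""

    def __init__(self, name: str):
        self.name = name
        self.tcp_state: dict = {}   # (client ip, client port) -> connection state

    def _reply(self, pkt: Packet, **kw) -> Packet:
        return Packet(pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport, **kw)

    def receive(self, pkt: Packet):
        if pkt.proto == "udp":
            # One query packet in, one answer out: any node can serve it, so the
            # path the query took does not matter.
            return self._reply(pkt, payload=f"ANSWER {pkt.payload}")
        key = (pkt.src, pkt.sport)
        if pkt.flags == "SYN":
            self.tcp_state[key] = "SYN_RECEIVED"
            return self._reply(pkt, flags="SYN-ACK")
        if pkt.flags == "ACK" and self.tcp_state.get(key) == "SYN_RECEIVED":
            self.tcp_state[key] = "ESTABLISHED"
            return None
        if pkt.flags == "" and self.tcp_state.get(key) == "ESTABLISHED":
            return self._reply(pkt, payload=f"ANSWER {pkt.payload}")
        # Segment for a connection this node never saw: a real stack sends RST.
        return self._reply(pkt, flags="RST")


class Router:
    """Last-hop router with two equal-cost paths to the anycast prefix."""

    def __init__(self, nodes, per_packet: bool):
        self.nodes = list(nodes)
        self.per_packet = per_packet
        self.counter = 0

    def route_change(self):
        """Simulated routing change: the preferred path now leads to the other node."""
        self.nodes.reverse()

    def forward(self, pkt: Packet):
        if self.per_packet:
            node = self.nodes[self.counter % len(self.nodes)]   # round-robin per packet
            self.counter += 1
        else:
            five_tuple = f"{pkt.src}|{pkt.dst}|{pkt.proto}|{pkt.sport}|{pkt.dport}".encode()
            node = self.nodes[zlib.crc32(five_tuple) % len(self.nodes)]  # per-flow hash
        return node.receive(pkt)


def two_node_router(per_packet: bool) -> Router:
    return Router([AnycastNode("node-a"), AnycastNode("node-b")], per_packet)


def dns_over_udp(router: Router, qname: str, sport: int = 40000) -> bool:
    reply = router.forward(Packet(CLIENT_IP, ANYCAST_IP, "udp", sport, 53, payload=qname))
    return reply.payload == f"ANSWER {qname}"


def dns_over_tcp(router: Router, qname: str, sport: int = 40001,
                 reroute_after_handshake: bool = False) -> bool:
    """Three-way handshake, then one query segment; True if an answer came back."""
    def seg(**kw):
        return Packet(CLIENT_IP, ANYCAST_IP, "tcp", sport, 53, **kw)
    syn_ack = router.forward(seg(flags="SYN"))
    if syn_ack is None or syn_ack.flags != "SYN-ACK":
        return False
    if router.forward(seg(flags="ACK")) is not None:
        return False            # the node that got the ACK had no half-open connection: RST
    if reroute_after_handshake:
        router.route_change()   # the route changes while the connection is open
    reply = router.forward(seg(payload=qname))
    return reply is not None and reply.flags == "" and reply.payload == f"ANSWER {qname}"


if __name__ == "__main__":
    for per_packet in (False, True):
        print(f"per_packet={per_packet}: udp={dns_over_udp(two_node_router(per_packet), 'example.')}"
              f" tcp={dns_over_tcp(two_node_router(per_packet), 'example.')}")
    print("per-flow, route change mid-connection:",
          dns_over_tcp(two_node_router(False), "example.", reroute_after_handshake=True))
```

Per-flow hashing keeps every segment of a connection on one node, so TCP works until a route change moves the flow; with per-packet balancing the ACK lands on a node that never saw the SYN and is answered with RST on every connection, while the UDP query succeeds under both policies. That is the difference between a rare route-change hit on a short-lived transaction and a path that breaks TCP deterministically.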
_______________________________________________
dnsop resources:
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html