In message <alpine.BSF.2.00.0902081439461.72677@nog.angryox.com>, Peter Beckman writes:
After a few emails traded with David Ulevitch from OpenDNS, it is clear to me that they do NOT suffer from this issue, and have a work-around. My apologies to David and to OpenDNS for lumping them in and not doing better due diligence when researching this issue.
On Sat, 7 Feb 2009, TJ wrote:
IMHO, off the top of my head, on a weekend where I haven't had enough coffee yet:
3. Anycasted DNS Providers? Not sure how they could fix it, other than flag certain domains as special, and do something special for them, but man that smells like a hack.
Anycast is a good thing, but when geo-location style concerns are factored in maybe they should have region-based anycast addresses.
Anycast is extremely useful for fault tolerance, agreed. But what I personally didn't consider, and I don't think other people consider, when they chose to use an alternative DNS caching resolution provider is what might break or not operate as expected.
Having traded a few private emails from people smarter than I at Google and OpenDNS, I understand the issue much better than when I first posted. Thank you to you both.
Here's a theoretical solution to this problem that I'd like to open for discussion.
In each location where a provider hosts their anycasted service, there is likely a local, non-anycasted IP address for each server. When receiving a DNS request that is not in the local cache, or has expired, make the new request on that local IP address interface, rather than on the anycasted IP address interface. In those cases, GSLB records would likely return a more accurate set of results for clients making DNS requests of it, and when those records were requested from the anycasted DNS resolving service, the cached records would more likely be closer from a network standpoint to the actual service.
Obviously there are some issues:
* need to patch BIND or PowerDNS to use a different interface for making new requests
query-source ....;
* possibility of the responding anycasted DNS server being close to server farm A, while being far away from DNS record requestor B
I'm curious to find out if others on the list know what other companies are using GSLB, and what the actual impact of anycasted DNS caching nameservers has on GSLB records. If enough people are using anycasted DNS resolution services, implementing a fix like this would reduce network traffic. By how much, I don't know.
Beckman
---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman@angryox.com                                 http://www.angryox.com/
---------------------------------------------------------------------------
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org
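Added example, not part of the original messages and not ISC's own configuration: a named.conf sketch of the setup discussed in this thread, where a BIND resolver answers clients on its anycast address but sends cache-miss queries from the node's local unicast address using the query-source option. All addresses are constructed placeholders from the documentation ranges.

```conf
// Constructed example: addresses are RFC 5737 / RFC 3849 documentation
// placeholders, not values from this thread.
//   192.0.2.53     anycast service address (announced from every site)
//   198.51.100.10  this node's local, non-anycast address
options {
    // Answer clients on both the shared anycast address and the local one.
    listen-on    { 192.0.2.53; 198.51.100.10; };
    listen-on-v6 { 2001:db8::53; 2001:db8:100::10; };

    // Queries to authoritative servers leave from the local unicast
    // address, so replies route back to this node rather than to another
    // anycast instance, and a GSLB sees this site's real location.
    // No "port" clause: pinning a source port would defeat source-port
    // randomization.
    query-source    address 198.51.100.10;
    query-source-v6 address 2001:db8:100::10;
};
```

The unicast address has to be reachable from the Internet, since authoritative servers send their answers to it.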