On Tue, Oct 12, 2021 at 8:41 AM Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
Matthew Petach wrote:
With an anycast setup using the same IP addresses in every location, returning SERVFAIL doesn't have the same effect, however, because failing over from anycast address 1 to anycast address 2 is likely to be routed to the same pop location, where the same result will occur.
That's why that is a bad idea. Alternative name servers with different IP addresses should be provided at separate locations.
Masataka Ohta
Sure. But that doesn't do anything to help prevent the type of outage that hit Facebook, which was the point I was trying to make in my response. Facebook did use different IP addresses, and it didn't matter, because the underlying health of the network is what was at issue, not the health of the nameservers.
I agree with you--different IP addresses should be used in different geographic locations, even with anycast setups. But people need to also recognize that's not a panacea that solves everything, and that it wouldn't have changed the nature of the outage last week.
Thanks! :)
Matt