On Tue, Oct 12, 2021 at 8:41 AM Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> wrote:
> Matthew Petach wrote:
>
> > With an anycast setup using the same IP addresses in every
> > location, returning SERVFAIL doesn't have the same effect,
> > however, because failing over from anycast address 1 to
> > anycast address 2 is likely to be routed to the same pop
> > location, where the same result will occur.
>
> That's why that is a bad idea. Alternative name servers with
> different IP addresses should be provided at separate locations.
>
>                                                 Masataka Ohta


Sure.  But that doesn't do anything to help prevent the 
type of outage that hit Facebook, which was the point I 
was trying to make in my response.  Facebook did use 
different IP addresses, and it didn't matter, because the 
underlying health of the network is what was at issue, 
not the health of the nameservers. 

I agree with you--different IP addresses should be 
used in different geographic locations, even with 
anycast setups.

But people need to also recognize that's not a 
panacea that solves everything, and that it wouldn't 
have changed the nature of the outage last week.

Thanks!  :)

Matt