Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies
On Tue, May 29, 2012 at 12:21:10AM +0530, Anurag Bhatia <me@anuragbhatia.com> wrote a message of 28 lines which said:
I know few registry/registrars which do not accept both (or all) name servers of domain name on same subnet.
Since my employer is one of these registries, let me mention that I fully agree with David Conrad here.
On Tue, May 29, 2012 at 12:54:01AM +0530, Anurag Bhatia <me@anuragbhatia.com> wrote a message of 42 lines which said:
I am building redundancy within that setup. I mean it will be software based BGP so if hardware is fried up, it will break BGP session and pull off routes anyway and for cases like DNS server (software) failure, I will monitor it via simple bash script which can turn bgp daemon down.
You will address *some* failure modes with this setup but not all. Again, see David Conrad's examples of a fat finger adding your prefix in a route-map.
On Mon, May 28, 2012 at 09:32:29PM +0200, Stephane Bortzmeyer wrote:
On Tue, May 29, 2012 at 12:21:10AM +0530, Anurag Bhatia <me@anuragbhatia.com> wrote a message of 28 lines which said:
I know few registry/registrars which do not accept both (or all) name servers of domain name on same subnet.
Since my employer is one of these registries, let me mention that I fully agree with David Conrad here.
How does your employer know if two nameservers (two IP addresses) are on the same subnet?
-- Brett
On May 29, 2012, at 01:56 , Brett Frankenberger wrote:
On Mon, May 28, 2012 at 09:32:29PM +0200, Stephane Bortzmeyer wrote:
On Tue, May 29, 2012 at 12:21:10AM +0530, Anurag Bhatia <me@anuragbhatia.com> wrote a message of 28 lines which said:
I know few registry/registrars which do not accept both (or all) name servers of domain name on same subnet.
Since my employer is one of these registries, let me mention that I fully agree with David Conrad here.
How does your employer know if two nameservers (two IP addresses) are on the same subnet?
Registrars are still rocking classful routing like it's 1993.
-- Mikkel
In message <5EBC0868-05D2-435E-A671-E957AF72F506@one.com>, Mikkel Mondrup Kristensen writes:
On May 29, 2012, at 01:56 , Brett Frankenberger wrote:
On Mon, May 28, 2012 at 09:32:29PM +0200, Stephane Bortzmeyer wrote:
On Tue, May 29, 2012 at 12:21:10AM +0530, Anurag Bhatia <me@anuragbhatia.com> wrote a message of 28 lines which said:
I know few registry/registrars which do not accept both (or all) name servers of domain name on same subnet.
Since my employer is one of these registries, let me mention that I fully agree with David Conrad here.
How does your employer know if two nameservers (two IP addresses) are on the same subnet?
Registrars are still rocking classful routing like it's 1993.
As long as they are covered by the same BGP announcement they are NOT redundant. It shouldn't be that hard for registrars to take a full bgp feed and use it to validate. If it's in the same /24 for IPv4 it may as well be in the same subnet even if you have smaller subnets internally. The world only listens to the one announcement. For those of you who think that if your net is down you don't need to be able to respond to DNS requests, the DNS is not designed to handle non reachable zones. It's designed to handle some of the nameservers for a zone being unreachable.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Mon, May 28, 2012 at 06:56:29PM -0500, Brett Frankenberger <rbf+nanog@panix.com> wrote a message of 15 lines which said:
How does your employer know if two nameservers (two IP addresses) are on the same subnet?
The current heuristic for IPv4 is "belongs in the same /28" (and /64 for IPv6). Otherwise, Mark Andrews is right, we should use a BGP feed but it would be complicated for a command-line tool.
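Added example, not part of the thread and not any registry's actual tool: a sketch of the two checks discussed above, the "same /28 (IPv4) or /64 (IPv6)" heuristic and the "covered by the same BGP announcement" test. The function names and the sample routing table are assumptions made for illustration; a real check would take its prefixes from a full BGP feed.

```python
import ipaddress
from itertools import combinations

# Prefix lengths of the heuristic quoted in the thread: /28 (IPv4), /64 (IPv6).
HEURISTIC_LEN = {4: 28, 6: 64}

# Constructed sample routing table (documentation prefixes), standing in for
# the prefixes a full BGP feed would supply.
SAMPLE_ROUTES = ["192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32"]


def heuristic_block(addr):
    """Return the /28 or /64 network that contains addr."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_network(f"{ip}/{HEURISTIC_LEN[ip.version]}", strict=False)


def covering_route(addr, routes):
    """Longest-prefix match of addr against announced prefixes, or None."""
    ip = ipaddress.ip_address(addr)
    nets = (ipaddress.ip_network(r) for r in routes)
    matches = [n for n in nets if n.version == ip.version and ip in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)


def shared_fate(nameservers, routes):
    """List nameserver pairs that share a heuristic block or an announcement."""
    findings = []
    for a, b in combinations(nameservers, 2):
        if ipaddress.ip_address(a).version != ipaddress.ip_address(b).version:
            continue  # an IPv4 and an IPv6 address are not compared
        block = heuristic_block(a)
        if block == heuristic_block(b):
            findings.append((a, b, "same-heuristic-block", str(block)))
            continue
        route = covering_route(a, routes)
        if route is not None and route == covering_route(b, routes):
            findings.append((a, b, "same-announcement", str(route)))
    return findings


if __name__ == "__main__":
    servers = ["192.0.2.1", "192.0.2.5", "192.0.2.200", "198.51.100.53"]
    for finding in shared_fate(servers, SAMPLE_ROUTES):
        print(*finding)
```

With the sample table, 192.0.2.1 and 192.0.2.200 pass the /28 heuristic but are flagged because both fall under the single 192.0.2.0/24 announcement.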
participants (4)
- Brett Frankenberger
- Mark Andrews
- Mikkel Mondrup Kristensen
- Stephane Bortzmeyer