Re: [DNSOP] Anycast and DNS questions

David Conrad <drc@virtualized.org> Wed, 03 September 2014 17:02 UTC

From: David Conrad <drc@virtualized.org>
In-Reply-To: <2014090323421459684126@cnnic.cn>
Date: Wed, 03 Sep 2014 10:01:50 -0700
Message-Id: <1704A9DF-C082-451F-9962-69AC20495313@virtualized.org>
References: <20140806114759.GF5546@cisco.com>, <25907D96-0076-417A-8DB9-41A5A178D479@ianai.net>, <20140806123205.GG5546@cisco.com>, <2014082716115865363718@cnnic.cn>, <BAF35D7F-D6BA-45F3-B57E-BAF25F940355@virtualized.org>, <5405718F.5010007@sidn.nl> <2014090312002502171843@cnnic.cn>, <5406DD50.5040502@necom830.hpcl.titech.ac.jp> <2014090323421459684126@cnnic.cn>
To: Guangqing Deng <dengguangqing@cnnic.cn>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/EUBr5wHpyxSRvF7tQz60EWUmZh4
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Subject: Re: [DNSOP] Anycast and DNS questions

Hi,

On Sep 3, 2014, at 8:42 AM, Guangqing Deng <dengguangqing@cnnic.cn> wrote:
> From RFC1034 section 4.1, it seems that the way used for improving the redundancy and resilience of the DNS system is to increase DNS servers. I agree that for the performance of the DNS system, the redundancy and resilience are the first goal and low latency is the second goal. Usually, the first goal mainly depends on the DNS server deployment policy (such as the total number and geographical distribution of DNS servers) and the second goal relates to not only the DNS server deployment policy but also the method used for DNS clients selecting the best DNS server, like anycast.

Careful here.

Anycast improves redundancy/resiliency for the system as a whole.  As typically deployed, it may not improve redundancy/resiliency for a single client.  For example, if a DNS server instance in an anycast cloud is no longer responding to DNS queries due to a DoS but the routing announcement of that instance is not pulled down, the clients topologically nearest that instance will not see improved redundancy/resiliency — they’ll not see any responses.

Anycast may or may not improve latency — it depends on the routing system. If the “nearest” instance network topologically to a set of clients happens to be on the other planet, latency will not be improved for those clients.

Anycast is a very blunt tool. It can help improve redundancy/resiliency and latency if properly deployed, constantly monitored, and maintained, but it is very important to understand its limitations and implications.

Regards,
-drc
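The two failure modes David describes above (a dead instance whose route is still announced, and a "nearest" instance that is topologically close but far away in latency) are easy to see in a small model. The following is an added example, not code from the thread or from any DNS operator: it models route selection as "shortest announced path", separately from measured RTT, and adds the monitoring step that withdraws a route when the instance stops answering. All instance names, path lengths and RTT values are constructed.

```python
"""Toy model of anycast DNS: routing picks the shortest announced path,
independent of RTT, and a health check withdraws dead instances.
Added example; every instance, client and number below is constructed."""
from dataclasses import dataclass


@dataclass
class Instance:
    name: str
    announced: bool = True   # route currently advertised into the routing system
    answering: bool = True   # the DNS daemon behind the route actually responds


# Constructed "routing table": for each client network, the path length
# (e.g. AS hops) to each anycast instance. Routing prefers the shortest path.
PATH_LENGTH = {
    "client-eu": {"ams": 1, "nyc": 3, "syd": 2},
    "client-us": {"ams": 3, "nyc": 1, "syd": 4},
}

# Constructed measured RTT in milliseconds. The routing system never sees this,
# which is why a topologically "nearest" instance can still be slow.
RTT_MS = {
    ("client-eu", "ams"): 5,  ("client-eu", "nyc"): 90, ("client-eu", "syd"): 300,
    ("client-us", "ams"): 90, ("client-us", "nyc"): 5,  ("client-us", "syd"): 200,
}


def make_instances():
    """Fresh anycast cloud with all three constructed instances healthy."""
    return [Instance("ams"), Instance("nyc"), Instance("syd")]


def select_instance(client, instances):
    """Routing decision: the announced instance with the shortest path, or None."""
    candidates = [i for i in instances if i.announced]
    if not candidates:
        return None
    return min(candidates, key=lambda i: PATH_LENGTH[client][i.name])


def query(client, instances):
    """Send one DNS query from `client`.

    Returns (instance_name, rtt_ms) on success, (instance_name, None) when the
    route leads to an instance that does not answer, or None if no route exists.
    """
    inst = select_instance(client, instances)
    if inst is None:
        return None
    if not inst.answering:
        # The route is still in the routing system, so the client is sent to a
        # server that never replies: no failover happens by itself.
        return (inst.name, None)
    return (inst.name, RTT_MS[(client, inst.name)])


def health_check(instances, probe):
    """Monitoring step: withdraw the route of every announced instance that
    fails `probe(instance)`. Returns the names withdrawn, in list order."""
    withdrawn = []
    for inst in instances:
        if inst.announced and not probe(inst):
            inst.announced = False
            withdrawn.append(inst.name)
    return withdrawn


if __name__ == "__main__":
    cloud = make_instances()
    print("healthy:", query("client-eu", cloud))
    cloud[0].answering = False          # ams stops answering but keeps announcing
    print("ams dead, still announced:", query("client-eu", cloud))
    print("withdrawn:", health_check(cloud, lambda i: i.answering))
    # EU clients now land on the next-shortest path, which is the slow instance.
    print("after withdrawal:", query("client-eu", cloud))
```

Note that after the withdrawal the EU client is routed to `syd` (path length 2, 300 ms) rather than `nyc` (path length 3, 90 ms): the routing system fixed availability but not latency, which is the second point in the message. In a real deployment the probe would be an actual DNS query against the instance's service address and the withdrawal an action on the BGP session, both of which this model only stands in for.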