Re: [DNSOP] Anycast and DNS questions

joel jaeggli <joelja@bogus.com> Wed, 03 September 2014 17:21 UTC

Message-ID: <54074E19.4010202@bogus.com>
Date: Wed, 03 Sep 2014 10:21:29 -0700
From: joel jaeggli <joelja@bogus.com>
To: David Conrad <drc@virtualized.org>, Guangqing Deng <dengguangqing@cnnic.cn>
References: <20140806114759.GF5546@cisco.com>, <25907D96-0076-417A-8DB9-41A5A178D479@ianai.net>, <20140806123205.GG5546@cisco.com>, <2014082716115865363718@cnnic.cn>, <BAF35D7F-D6BA-45F3-B57E-BAF25F940355@virtualized.org>, <5405718F.5010007@sidn.nl> <2014090312002502171843@cnnic.cn>, <5406DD50.5040502@necom830.hpcl.titech.ac.jp> <2014090323421459684126@cnnic.cn> <1704A9DF-C082-451F-9962-69AC20495313@virtualized.org>
In-Reply-To: <1704A9DF-C082-451F-9962-69AC20495313@virtualized.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/NSygDH50vi2Dj3Ugn9awhTn6ogk
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Subject: Re: [DNSOP] Anycast and DNS questions
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

On 9/3/14 10:01 AM, David Conrad wrote:
> Hi,
> 
> On Sep 3, 2014, at 8:42 AM, Guangqing Deng <dengguangqing@cnnic.cn>
> wrote:
>> From RFC1034 section 4.1, it seems that the way used for improving
>> the redundancy and resilience of DNS system is to increase DNS
>> servers. I agree that for the performance of the DNS system, the
>> redundancy and resilience are the first goal and low latency is the
>> second goal. Usually, the first goal mainly depends on the DNS
>> server deployment policy (such as the total number and geographical
>> distribution of DNS servers) and the second goal relates to not only
>> the DNS server deployment policy but also the method used for DNS
>> clients selecting the best DNS server like anycast.

Anycast is not a selection mechanism employed by a client. It is the
network that determines the catchment area served by a given anycast
instance.

> Careful here.
> 
> Anycast improves redundancy/resiliency for the system as a whole.  As
> typically deployed, it may not improve redundancy/resiliency for a
> single client.  For example, if a DNS server instance in an anycast
> cloud is no longer responding to DNS queries due to a DoS but the
> routing announcement of that instance is not pulled down, the clients
> topologically nearest that instance will not see improved
> redundancy/resiliency — they’ll not see any responses.
> 
> Anycast may or may not improve latency — it depends on the routing
> system. If the “nearest” instance network topologically to a set of
> clients happens to be on the other side of the planet, latency will
> not be improved for those clients.
> 
> Anycast is a very blunt tool. It can help improve
> redundancy/resiliency and latency if properly deployed, constantly
> monitored, and maintained, but it is very important to understand its
> limitations and implications.
> 
> Regards, -drc
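A small model of the two points made in this exchange, added here as an illustration and not code from the thread or from any of its participants: the routing system, not the client, decides which anycast instance a client lands on (shortest path wins), and an instance that has stopped answering DNS but is still announcing its prefix silently swallows every query from its catchment until the route is withdrawn. The client networks, instance names and path lengths are constructed for the example; the health check that withdraws a route on a failed local probe is the hypothetical operational fix.

```python
"""Toy anycast catchment model.

Clients do not pick an instance; the routing system does (shortest path here).
An instance that keeps announcing its prefix while its DNS daemon is dead
blackholes its whole catchment. Withdrawing the route lets the routing system
re-home those clients, possibly to an instance that is much further away.

Added example; topology, names and path lengths are constructed, not from
the DNSOP thread.
"""
from dataclasses import dataclass


@dataclass
class Instance:
    name: str
    announcing: bool = True   # prefix currently visible in BGP
    answering: bool = True    # DNS daemon actually responds to queries


# Constructed topology: AS-path length from each client network to each
# anycast instance. Lower is "closer" from the routing system's point of view.
PATH_LEN = {
    "client-eu":   {"ams": 1, "lax": 4, "sin": 5},
    "client-us":   {"ams": 4, "lax": 1, "sin": 4},
    "client-asia": {"ams": 5, "lax": 4, "sin": 1},
    "client-pac":  {"ams": 6, "lax": 2, "sin": 2},  # tie: broken by name below
}


def catchment(instances, path_len=PATH_LEN):
    """Map each client network to the announcing instance with the shortest
    path (ties broken by instance name, standing in for a deterministic
    BGP tiebreak). Clients have no say in the choice."""
    announced = [i for i in instances.values() if i.announcing]
    result = {}
    for client, lens in path_len.items():
        if not announced:
            result[client] = None  # nobody announces the prefix
            continue
        best = min(announced, key=lambda i: (lens[i.name], i.name))
        result[client] = best.name
    return result


def query_outcome(instances, path_len=PATH_LEN):
    """What a query from each client sees: 'ok' if the instance it is routed
    to answers, 'timeout' if the route leads to a dead instance that is still
    announcing, 'unreachable' if no instance announces the prefix at all."""
    out = {}
    for client, name in catchment(instances, path_len).items():
        if name is None:
            out[client] = "unreachable"
        elif instances[name].answering:
            out[client] = "ok"
        else:
            out[client] = "timeout"
    return out


def health_check(instances, probe_results):
    """Hypothetical operational fix: each instance probes its own DNS daemon
    and withdraws its route when the probe fails (probe_results maps
    instance name -> True if the local probe was answered)."""
    for name, ok in probe_results.items():
        instances[name].announcing = ok
    return instances


def scenario():
    """Healthy cloud; lax is DoS'd but keeps announcing; then the health
    check withdraws lax. Returns the per-client outcome at each stage plus
    the final catchment."""
    inst = {n: Instance(n) for n in ("ams", "lax", "sin")}
    healthy = query_outcome(inst)

    inst["lax"].answering = False          # daemon dead, route still up
    blackholed = query_outcome(inst)       # lax's catchment gets no answers

    health_check(inst, {"ams": True, "lax": False, "sin": True})
    recovered = query_outcome(inst)        # routing re-homes lax's clients
    return healthy, blackholed, recovered, catchment(inst)


if __name__ == "__main__":
    for label, stage in zip(("healthy", "blackholed", "recovered"), scenario()[:3]):
        print(label, stage)
    print("catchment after withdrawal", scenario()[3])
```

Note what the last stage shows: client-us recovers, but it is now served by ams at path length 4 instead of lax at 1. The route withdrawal restores resiliency for the whole system while making latency worse for that catchment, which is the "may or may not improve latency" caveat above in miniature.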