In message <alpine.bsf.2.00.0902081439461.72...@nog.angryox.com>, Peter Beckman writes:
> After a few emails traded with David Ulevitch from OpenDNS, it is clear to
> me that they do NOT suffer from this issue, and have a work-around. My
> apologies to David and to OpenDNS for lumping them in and not doing better
> due diligence when researching this issue.
>
> On Sat, 7 Feb 2009, TJ wrote:
>
> > IMHO, off the top of my head, on a weekend where I haven't had enough coffee
> > yet:
> >
> > 3. Anycasted DNS Providers? Not sure how they could fix it, other than
> >    flag certain domains as special, and do something special for them,
> >    but man that smells like a hack.
> >
> > Anycast is a good thing, but when geo-location style concerns are factored
> > in maybe they should have region-based anycast addresses.
>
> Anycast is extremely useful for fault tolerance, agreed. But what I
> personally didn't consider, and I don't think other people consider, when
> they chose to use an alternative DNS caching resolution provider is what
> might break or not operate as expected.
>
> Having traded a few private emails from people smarter than I at Google
> and OpenDNS, I understand the issue much better than when I first posted.
> Thank you to you both.
>
> Here's a theoretical solution to this problem that I'd like to open for
> discussion.
>
> In each location where a provider hosts their anycasted service, there
> is likely a local, non-anycasted IP address for each server. When
> receiving a DNS request that is not in the local cache, or has expired,
> make the new request on that local IP address interface, rather than on
> the anycasted IP address interface. In those cases, GSLB records would
> likely return a more accurate set of results for clients making DNS
> requests of it, and when those records were requested from the
> anycasted DNS resolving service, the cached records would more likely
> be closer from a network standpoint to the actual service.
>
> Obviously there are some issues:
>    * need to patch BIND or PowerDNS to use a different interface for
>      making new requests

	query-source ....;

>    * possibility of the responding anycasted DNS server being close to
>      server farm A, while being far away from DNS record requestor B
>
> I'm curious to find out if others on the list know what other companies
> are using GSLB, and what the actual impact of anycasted DNS caching
> nameservers has on GSLB records. If enough people are using anycasted DNS
> resolution services, implementing a fix like this would reduce network
> traffic. By how much, I don't know.
>
> Beckman
> ---------------------------------------------------------------------------
> Peter Beckman                                                  Internet Guy
> beck...@angryox.com                                 http://www.angryox.com/
> ---------------------------------------------------------------------------
>
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: mark_andr...@isc.org
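
Added example, not part of the original message and not configuration from any of the providers named in the thread: a named.conf fragment showing how BIND's existing query-source option covers the "use the local address for new requests" idea without a patch. All addresses are constructed from documentation ranges and the site layout is an assumption.

```conf
// named.conf fragment for ONE site of an anycast recursive resolver.
// Constructed addresses (RFC 5737 documentation ranges), assumptions only:
//   192.0.2.53    anycast service address, announced from every site
//   198.51.100.10 this site's own unicast address, configured on a
//                 local interface and routed only to this site
options {
    recursion yes;

    // Clients send their queries to the shared anycast address.
    listen-on { 192.0.2.53; };

    // Without a query-source statement named sends from the wildcard
    // address and the OS picks the source, which on an anycast host can
    // be the anycast address. Replies from authoritative servers may
    // then be routed to a different site and dropped, and a GSLB sees
    // an address that does not identify where the cache actually sits.
    //
    // Pinning cache-miss queries to the unicast address fixes both:
    // the reply returns to this site, and the GSLB answers for this
    // site's network location.
    query-source address 198.51.100.10;
};
```

Run named-checkconf on the full file before reloading, and make sure the site firewall lets DNS replies reach the unicast address, not only the anycast one.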