IPv4 ANYCAST setup

Mark Andrews marka at isc.org
Fri Mar 26 11:17:04 CDT 2010


In message <4828.1269611568 at localhost>, Valdis.Kletnieks at vt.edu writes:
> 
> On Fri, 26 Mar 2010 09:40:39 EDT, Max Larson Henry said:
> 
> > - Yes but as for DNS, anycast is essentially used for user requests (UDP)
> > not to perform zone transfer(TCP).
> 
> DNS uses TCP for more than just XFR.  For instance, if you're running a
> resolver that doesn't do EDNS0, and you hit an (increasingly common) DNSSEC
> signed reply, it's going to be over 512 bytes and the lack of EDNS0 will
> cause it to re-ask via TCP.

DNSSEC depends on EDNS and on DO being set in the EDNS OPT record, so
non-EDNS queries won't get DNSSEC records, except in response to * queries.

> Just mentioning it because the sort of sites that think TCP==XFR are the
> sort most likely to be running firewalls that munch the EDNS0 bits, and
> are setting themselves up for big surprises in the very near future.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
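The exchange the two replies above describe, as an added example written for this page (not code from the thread, from ISC, or from BIND): a small Python model of the DNS wire format in which a toy authoritative server answers a toy stub resolver in-process, with no network. It shows the three mechanisms in play: a query without an OPT record is limited to 512 bytes over UDP and gets no RRSIGs back; a query with EDNS0 and the DO bit gets RRSIGs and advertises a larger buffer; and a reply that does not fit comes back with TC=1, which makes the resolver re-ask over TCP. The owner name www.example.net, the key tag, the zero-filled placeholder signature, the toy server's habit of returning every record in its list regardless of qtype, and its whole-answer truncation are all constructed assumptions, not a description of any real server.

```python
"""Toy DNS wire model: EDNS0 OPT, the DO bit, and truncation-driven TCP retry (stdlib only, no network)."""
import struct

TYPE_A, TYPE_OPT, TYPE_RRSIG, TYPE_ANY = 1, 41, 46, 255
FLAG_TC = 0x0200           # TrunCation bit in the header flags (RFC 1035 4.1.1)
DO_BIT = 0x8000            # DNSSEC OK: top bit of the OPT RR's TTL field (RFC 3225)
CLASSIC_UDP_LIMIT = 512    # UDP payload ceiling when no OPT RR is present (RFC 1035)

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):
    """Offset just past the name at off (a 2-byte compression pointer ends a name)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length

def build_query(qname, qtype, txid=0x1234, edns=False, do=False, udp_size=4096):
    """Plain RFC 1035 query; edns=True appends an OPT pseudo-RR in the additional section."""
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)   # RD=1
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    if edns:
        # OPT: root name, TYPE 41, CLASS carries the sender's UDP payload size,
        # TTL carries extended RCODE / version / flags (DO is the top flag bit), RDLENGTH 0.
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, DO_BIT if do else 0, 0)
    return msg

def iter_rrs(msg):
    """Yield (type, class, ttl, rdata) for every RR after the question section."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        yield rtype, rclass, ttl, msg[off:off + rdlen]
        off += rdlen

def edns_info(msg):
    """(has_opt, udp_size, do); a message without OPT is a 512-byte, non-DNSSEC client."""
    for rtype, rclass, ttl, _ in iter_rrs(msg):
        if rtype == TYPE_OPT:
            return True, rclass, bool(ttl & DO_BIT)
    return False, CLASSIC_UDP_LIMIT, False

def count_type(msg, rtype):
    return sum(1 for t, *_ in iter_rrs(msg) if t == rtype)

def is_truncated(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & FLAG_TC)

def answer(query, rrs, tcp=False):
    """Toy authoritative server: returns every RR in rrs regardless of qtype, except that
    RRSIGs are sent only when DO is set or the query is ANY.  Over UDP, a reply that would
    exceed the client's limit is replaced by an empty TC=1 reply (RFC 1035 4.2.1, RFC 2181 9)."""
    has_opt, limit, do = edns_info(query)
    txid = struct.unpack("!H", query[:2])[0]
    qend = skip_name(query, 12)
    qtype = struct.unpack("!H", query[qend:qend + 2])[0]
    question = query[12:qend + 4]
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, DO_BIT if do else 0, 0) if has_opt else b""
    body, count = b"", 0
    for owner, rtype, ttl, rdata in rrs:
        if rtype == TYPE_RRSIG and not do and qtype != TYPE_ANY:
            continue
        body += encode_name(owner) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
        count += 1
    flags, arcount = 0x8400, 1 if has_opt else 0          # QR=1, AA=1
    full = struct.pack("!HHHHHH", txid, flags, 1, count, 0, arcount) + question + body + opt
    if tcp or len(full) <= limit:
        return full
    return struct.pack("!HHHHHH", txid, flags | FLAG_TC, 1, 0, 0, arcount) + question + opt

def resolve(query, rrs):
    """Toy stub resolver: ask over UDP; if the reply has TC=1, re-ask the same query over TCP."""
    resp = answer(query, rrs)
    return (answer(query, rrs, tcp=True), "tcp") if is_truncated(resp) else (resp, "udp")

# Constructed signed zone: four A records plus one RRSIG laid out per RFC 4034 with a
# zero-filled placeholder where the signature bytes would be (not a real signature).
FAKE_RRSIG = (struct.pack("!HBBIIIH", TYPE_A, 8, 3, 300, 1270000000, 1269000000, 4242)
              + encode_name("example.net.") + bytes(384))
SIGNED_ZONE = [("www.example.net.", TYPE_A, 300, bytes([192, 0, 2, n])) for n in (10, 11, 12, 13)]
SIGNED_ZONE.append(("www.example.net.", TYPE_RRSIG, 300, FAKE_RRSIG))

if __name__ == "__main__":
    cases = {"no EDNS, A": build_query("www.example.net.", TYPE_A),
             "EDNS+DO, 4096": build_query("www.example.net.", TYPE_A, edns=True, do=True),
             "EDNS+DO, 512": build_query("www.example.net.", TYPE_A, edns=True, do=True, udp_size=512),
             "no EDNS, ANY": build_query("www.example.net.", TYPE_ANY)}
    for label, q in cases.items():
        resp, via = resolve(q, SIGNED_ZONE)
        print(f"{label:14} {len(resp):4} bytes via {via}, RRSIGs={count_type(resp, TYPE_RRSIG)}")
```

Running it shows the plain A query getting a small, RRSIG-free reply over UDP; the EDNS+DO query with a 4096-byte buffer getting the RRSIG in one UDP reply; the same DO query with only 512 bytes advertised being truncated and retried over TCP; and a plain ANY query, which carries the RRSIG even without DO, overflowing 512 bytes and falling back to TCP. The model deliberately drops the whole answer section on truncation and does not simulate a firewall that strips or drops OPT-bearing packets (that shows up as timeouts rather than as a TC reply).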

More information about the NANOG mailing list