TELEHOUSE America & Internet Software Consortium Develop DNS F-root Server in New York & Los Angeles
Joe Abley
jabley at isc.org
Tue Feb 11 14:38:13 UTC 2003
On Tuesday, Feb 11, 2003, at 07:50 Canada/Eastern, Robert E. Seastrom
wrote:
> Charles Sprickman <spork at inch.com> writes:
>
>> On Mon, 10 Feb 2003, Paul Vixie wrote:
>>
>>> Deal Enables ISC to Mirror DNS Root Server in Additional U.S.
>>> Locations
>>
>> Let's hope Telehouse put them on the "good" generator. "N+1" is no
>> fun if
>> the "+1" can't be routed to the 5th floor when "N" chokes up.
>
> All is well if the router that announces the network is plugged into
> the same circuit (or if the announcement comes from a BGP speaker on
> the box itself). No big deal to lose a single root anyway, but this
> scenario would keep F "working as advertised", so to speak.
[Apologies to Suzanne for pre-empting her discussion about this.]
Each F-root node is carefully designed so that most failures which
could stop a nameserver answering queries are reflected in the network,
both within the F-root node, and within the F-root's service area. If a
nameserver within a node is not available, the node will not send it
queries; if all nameservers within a node are not available, the node
will stop advertising 192.5.5.0/24 to its local community of peers, who
will stop sending queries to the node.
The potential for global instability in (and corresponding dampening
of) 192.5.5.0/24 due to some oscillatory error condition in a
particular node is limited by the fact that each non-Palo Alto node
advertises 192.5.5.0/24 to peers only, and precautions are taken to
limit the propagation of that prefix through peer networks. Only the
Palo Alto node advertises 192.5.5.0/24 for global transit.
If a local F-root node withdraws service, resolvers within its
catchment area will see the BGP path to the global F-root node in Palo
Alto exposed and selected. The change in relative RTTs will then cause
resolvers (BIND-like resolvers, anyway) to reorder their ranking of how
close the 13 root servers are, and referrals to the root from the
catchment of the dead node will tend towards the new closest server,
which may or may not be F.
Hence, a failure of a restricted-anycast node restores the usual
availability of root servers -- it effectively just removes the local
optimisation that the anycast node was providing.
Joe
More information about the NANOG
mailing list