DNS anycast considered harmful (was: .ORG problems this evening)

Iljitsch van Beijnum iljitsch at muada.com
Thu Sep 18 11:57:15 UTC 2003


On Thursday, Sep 18, 2003, at 13:38 Europe/Amsterdam, Todd Vierling wrote:

> : 	ultradns uses the power of anycast to have these ips that appear
> : to be on close subnets in geographically diverse locations.

> Oh, that's brilliant.  How nice of them to defeat the concept of
> redundancy by limiting me to only two of their servers for a gTLD.

Well, for me one goes to London and the other to Washington, so from 
where I'm sitting there is geographical diversity.

But having only two servers and anycasting those is nonsense. That means I 
have to depend on BGP to get to the closest server. This is something 
BGP is really bad at. DNS servers, on the other hand, track RTTs for 
query responses and really *know* which server is the fastest rather 
than guess based on third-hand routing information.

And more importantly: if there is only a single working server, 
everyone in the world is able to reach it. With anycast it can easily 
happen that you're transported to the nearest dead server.

For the root, anycasting makes some sense as it's impossible to add more 
real root servers because of packet size limitations (but I hope 
they're smart enough to keep some non-anycasted root servers around), 
but with only two servers listed, org really doesn't need anycasting.

> the same route before hitting !H from an ultradns.com rDNS machine.

What's up with those host unreachables anyway? I wouldn't be surprised 
if there are IP stacks that cache these. Then if you do a ping to one 
of the org servers and get a host unreachable, any subsequent DNS 
queries will be dropped locally as well. There are other ICMP responses 
that make much more sense for what they're trying to do.
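Added example (not part of the original post, and not UltraDNS's or any resolver's actual code): a small Python model of the two selection strategies the post contrasts. A unicast-style resolver keeps a smoothed RTT (SRTT) per authoritative address and sends each query to the lowest one, so a server that stops answering is penalised and abandoned after a single timeout. An anycast client has only one address and stays pinned to whichever instance BGP chose until the route is withdrawn, which is exactly the "nearest dead server" case. The server names, RTTs, 70/30 smoothing weights, 1000 ms timeout and the point at which BGP withdraws the route are all constructed assumptions for the demonstration.

```python
"""Toy model: per-server RTT tracking vs. BGP-pinned anycast (constructed example)."""
from dataclasses import dataclass

TIMEOUT_MS = 1000.0  # assumed query timeout; a timeout is scored as a full-timeout sample


@dataclass
class ServerState:
    srtt_ms: float = 0.0  # smoothed RTT; 0.0 means "never measured", so it is tried first
    queries: int = 0
    failures: int = 0


class RttTrackingResolver:
    """Picks the address with the lowest smoothed RTT (assumed 70/30 smoothing)."""

    def __init__(self, addrs):
        self.state = {a: ServerState() for a in addrs}

    def choose(self):
        # Unmeasured servers (srtt 0.0) sort first, then the lowest measured SRTT.
        return min(self.state, key=lambda a: self.state[a].srtt_ms)

    def record(self, addr, rtt_ms):
        """rtt_ms is the measured RTT, or None for a timeout."""
        s = self.state[addr]
        s.queries += 1
        if rtt_ms is None:
            s.failures += 1
        sample = TIMEOUT_MS if rtt_ms is None else rtt_ms
        s.srtt_ms = sample if s.srtt_ms == 0.0 else 0.7 * s.srtt_ms + 0.3 * sample


def run_unicast(rtt_by_server, n_queries, dead_from):
    """Send n_queries through an RTT-tracking resolver.

    rtt_by_server: {addr: rtt_ms when alive}
    dead_from:     {addr: query index from which that server stops answering}
    Returns (answered_queries, {addr: queries_sent_to_it}).
    Real resolvers also re-probe a penalised server now and then; this toy does not.
    """
    resolver = RttTrackingResolver(list(rtt_by_server))
    answered = 0
    for i in range(n_queries):
        addr = resolver.choose()
        alive = i < dead_from.get(addr, n_queries)
        resolver.record(addr, rtt_by_server[addr] if alive else None)
        if alive:
            answered += 1
    return answered, {a: s.queries for a, s in resolver.state.items()}


def run_anycast(bgp_pick, fallback, n_queries, dead_from, withdrawn_at):
    """Anycast client: one address, pinned by BGP to `bgp_pick`.

    If the DNS daemon dies but the router keeps announcing the prefix, queries
    go to the dead instance until `withdrawn_at`, after which BGP reconverges
    to `fallback`. withdrawn_at >= n_queries models "never withdrawn".
    """
    answered = 0
    for i in range(n_queries):
        instance = bgp_pick if i < withdrawn_at else fallback
        if i < dead_from.get(instance, n_queries):
            answered += 1
    return answered


if __name__ == "__main__":
    rtts = {"london": 20.0, "washington": 90.0}  # constructed RTTs from the client's view
    dead = {"london": 6}  # london stops answering from the 7th query onwards
    print("unicast :", run_unicast(rtts, 20, dead))
    print("anycast, route withdrawn after 15 queries:", run_anycast("london", "washington", 20, dead, 15))
    print("anycast, router keeps announcing:        ", run_anycast("london", "washington", 20, dead, 20))
```

In the unicast run the resolver loses exactly one query (the timeout that raises London's SRTT above Washington's) and answers the remaining 19; the anycast client loses every query between the daemon dying and BGP withdrawing the route, and all of them if the route never goes away. The lesson for operators is that anycast health must be tied to route announcement (withdraw the prefix when the daemon is unhealthy), and that listing more than the minimum number of distinct addresses gives resolvers something to fail over to.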
