/8 end user assignment?
Sabri Berisha
sabri at cluecentral.net
Fri Aug 5 11:54:44 UTC 2005
On Fri, Aug 05, 2005 at 04:10:46AM -0700, Bill Woodcock wrote:
>
> On Fri, 5 Aug 2005, Sabri Berisha wrote:
> > With the use of anycast DNS servers on the internet, TCP is no longer an
> > option for DNS.
>
> Bzzzt. Try again.
                          /--[cabernet]--[merlot]--[riesling]--[server 1]
[end-host] ----- [shiraz]                    |
                          \--[sangria]--[chardonnay]--[bordeaux]--[server 2]
Imagine a TCP session between end-host and server 1. The path is
asymmetric: traffic from end-host to server 1 flows as
shiraz->cabernet->merlot->riesling->server 1,
while traffic from server 1 to end-host flows as
riesling->merlot->chardonnay->sangria->shiraz->end-host.
end-host does a DNS request, and server 1 answers.
There are now 2 things which can theoretically break:
1. Route change
Suppose merlot loses adjacency with riesling. It will then send the
TCP packets from end-host to server 2, which has no knowledge of the
session and returns an RST.
2. MTU problems
Suppose server 1 returns a packet with a size of X bytes. Suppose
Chardonnay has an MTU of X-1 to Sangria. Chardonnay will then send a
packet-too-large to server 1. But what if Chardonnay has a better
route via Bordeaux instead of via Merlot? The ICMP packet will not
arrive at server 1 and the request will time out.
Yes, this is theoretical. Yes, the request will definitely be
retransmitted. But it can break, so imho anycast DNS using TCP is not a
wise thing to do.
--
Sabri Berisha,
Juniper Certified - JNCIA #747 | Cisco Certified - CCNA
email: sabri at cluecentral.net | cell: +31 6 19890416
http://www.cluecentral.net/ | http://www.virt-ix.net/
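Case 1 above (a route change moving an established TCP flow to a different anycast instance) as an added Python model; this is not code from the thread. The router names are the post's, while the link costs, the anycast address name and the per-flow server state are assumptions chosen so that end-host prefers server 1 until merlot loses riesling.

```python
import heapq
ANYCAST = "anycast-dns"  # the shared service address (assumed name)
INSTANCES = {"riesling": "server 1", "bordeaux": "server 2"}  # router -> attached instance
LINKS = {  # costs are assumptions, chosen so the end-host prefers server 1 as in the post
    ("end-host", "shiraz"): 1, ("shiraz", "cabernet"): 1, ("cabernet", "merlot"): 1,
    ("merlot", "riesling"): 1, ("shiraz", "sangria"): 3, ("sangria", "chardonnay"): 1,
    ("chardonnay", "bordeaux"): 1, ("merlot", "chardonnay"): 1}

def next_hop(links, src, dst):
    """Dijkstra over the current link set: src's first hop toward dst, None if unreachable."""
    adj = {}
    for (a, b), cost in links.items():
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    dist, heap = {src: 0}, [(0, src, None)]
    while heap:
        d, node, hop = heapq.heappop(heap)
        if node == dst:
            return hop
        for nxt, cost in adj.get(node, []):
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                heapq.heappush(heap, (d + cost, nxt, hop or nxt))

class DnsServer:  # one anycast instance holding per-flow TCP state (simplified)
    def __init__(self):
        self.flows = set()
    def receive(self, flow, flag):
        if flag == "SYN":
            self.flows.add(flow)
            return "SYN-ACK"
        return "ACK" if flow in self.flows else "RST"  # unknown flow: reset it

def forward(links, servers, src, flow, flag):
    path = [src]  # hop-by-hop: every router recomputes its own best route
    while path[-1] not in INSTANCES:
        hop = next_hop(links, path[-1], ANYCAST)
        if hop is None:
            return path, "no route"
        path.append(hop)
    server = INSTANCES[path[-1]]
    return path + [server], servers[server].receive(flow, flag)

def scenario():
    links = {**LINKS, **{(r, ANYCAST): 0 for r in INSTANCES}}  # instances announce ANYCAST
    servers = {name: DnsServer() for name in INSTANCES.values()}
    flow = ("end-host:40001", ANYCAST + ":53")
    first = forward(links, servers, "end-host", flow, "SYN")  # handshake lands on server 1
    del links[("merlot", "riesling")]  # case 1 from the post: merlot loses its adjacency
    return first, forward(links, servers, "end-host", flow, "DATA")  # server 2 answers RST
```

Only merlot changes its decision; shiraz and cabernet still forward exactly as before, which is why the end-host cannot see the session being rerouted until the RST arrives.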