L3: Google from DC via the Netherlands?

Mark Andrews Mark_Andrews at isc.org
Sun Feb 8 21:00:09 UTC 2009

In message <alpine.BSF.2.00.0902081439461.72677 at nog.angryox.com>, Peter Beckman
>   After a few emails traded with David Ulevitch from OpenDNS, it is clear to
>   me that they do NOT suffer from this issue, and have a work-around.  My
>   apologies to David and to OpenDNS for lumping them in and not doing better
>   due dilligence when researching this issue.
> On Sat, 7 Feb 2009, TJ wrote:
> > IMHO, off the top of my head, on a weekend where I haven't had enough coffe
> e
> > yet:
> >
> >     3. Anycasted DNS Providers? Not sure how they could fix it, other than
> >        flag certain domains as special, and do something special for them,
> >        but man that smells like a hack.
> >
> > Anycast is a good thing, but when geo-location style concerns are factored
> > in maybe they should have region-based anycast addresses.
>   Anycast is extremely useful for fault tolerance, agreed.  But what I
>   personally didn't consider, and I don't think other people consider, when
>   they chose to use an alternative DNS caching resolution providers is what
>   might break or not operate as expected.
>   Having traded a few private emails from people smarter than I at Google
>   and OpenDNS, I understand the issue much better than when I first posted.
>   Thank you to you both.
>   Here's a theoretical solution to this problem that I'd like to open for
>   discussion.
>      In each location where a provider hosts their anycasted service, there
>      is likely a local, non-anycasted IP address for each server.  When
>      receiving a DNS request that is not in the local cache, or has expired,
>      make the new request on that local IP address interface, rather than on
>      the anycasted IP address interface.  In those cases, GSLB records would
>      likely return a more accurate set of results for clients making DNS
>      requests of it, and when those records were requested from the
>      anycasted DNS resolving service, the cached records would more likely
>      be closer from a network standpoint to the actual service.
>   Obviously there are some issues:
>      * need to patch BIND or PowerDNS to use a different interface for
>        making new requests

	query-source ....;

>      * possibility of the responding anycasted DNS server being close to
>        server farm A, while being far away from DNS record requestor B
>   I'm curious to find out if others on the list know what other companies
>   are using GSLB, and what the actual impact of anycasted DNS caching
>   nameservers has on GSLB records.  If enough people are using anycasted DNS
>   resolution services, implementing a fix like this would reduce network
>   traffic.  By how much, I don't know.
> Beckman
> ---------------------------------------------------------------------------
> Peter Beckman                                                  Internet Guy
> beckman at angryox.com                                 http://www.angryox.com/
> ---------------------------------------------------------------------------
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the NANOG mailing list