IPv4 ANYCAST setup

Joe Abley jabley at hopcount.ca
Fri Mar 26 17:06:02 UTC 2010


On 2010-03-26, at 06:40, Max Larson Henry wrote:

>>> Does anyone have experience with anycast IPv4 networks (to support DNS)?
>> 
>> "Never been done" "Dangerous" "TCP does not work" etc etc etc.
> 
> - Yes, but as for DNS, anycast is essentially used for user requests (UDP),
> not to perform zone transfers (TCP).

As others have mentioned, TCP can generally be used for any DNS query, not just AXFR.

This becomes more important as DNS responses get bigger, e.g. responses from root servers due to the root zone containing DNSSEC information, see <http://www.root-dnssec.org/>.

If your nameserver can't be reached over TCP, it's likely that there are people who can't talk to your nameserver. This means your DNS records can't be found. This is a bad thing.

Here, in glorious LOLCAPS:

  ALWAYS MAKE SURE YOUR DNS SERVER CAN BE REACHED OVER TCP
  TCP IS NOT JUST FOR ZONE TRANSFERS
  FIX YOUR FIREWALLS

:-)


Joe
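An added example, not code from the thread or its authors: a small Python checker that sends an ordinary A query (not an AXFR) to a nameserver over TCP using the 2-byte length framing of RFC 1035, plus a helper that reads the TC bit of a UDP reply, which is what makes a resolver retry over TCP in the first place. The server address, port and query name are constructed placeholders.

```python
import socket
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Minimal DNS query: header with RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def frame_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def header_fields(msg: bytes) -> dict:
    """Decode the header fields a reachability check cares about."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "tc": bool(flags & 0x0200), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an}

def needs_tcp_retry(udp_response: bytes) -> bool:
    """TC set on a UDP answer means it is incomplete and must be retried over TCP;
    if 53/tcp is filtered that retry fails and the name is unresolvable."""
    return header_fields(udp_response)["tc"]

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """TCP is a byte stream, so read until exactly n bytes have arrived."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full DNS message arrived")
        buf += chunk
    return buf

def check_tcp(server: str, name: str, port: int = 53, timeout: float = 3.0) -> dict:
    """Send a plain query over TCP and return the parsed reply header.
    Raises socket.timeout or ConnectionError when 53/tcp is blocked."""
    query = build_query(name)
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(frame_tcp(query))
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        return header_fields(_recv_exact(s, length))

if __name__ == "__main__":
    # Constructed placeholder target (TEST-NET-1); point it at your own server.
    print(check_tcp("192.0.2.1", "example.com"))
```

A reply with rcode 0 and a non-zero ancount over TCP, with no timeout, is the result you want; a timeout usually means a firewall is dropping 53/tcp.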