DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies
me at anuragbhatia.com
Mon May 28 19:47:34 UTC 2012
On Tue, May 29, 2012 at 1:07 AM, Patrick W. Gilmore <patrick at ianai.net> wrote:
> On May 28, 2012, at 15:24 , Anurag Bhatia wrote:
> > On Tue, May 29, 2012 at 12:50 AM, Tony Finch <dot at dotat.at> wrote:
> >> Anurag Bhatia <me at anuragbhatia.com> wrote:
> >>> One small concern I wanted to discuss here. I know a few
> >>> registry/registrars which do not accept both (or all) name servers of
> >>> domain name on same subnet. They demand at least 1 DNS server should be
> >>> on different subnet for failover reasons (old thoughts).
> >>> How can one deal with such a case in an anycasting setup which is using
> >>> one single subnet everywhere?
> >> You still want name servers on more than one subnet in case the anycast
> >> setup breaks.
> > I am building redundancy within that setup. I mean it will be software
> > based BGP so if hardware is fried up, it will break BGP session and pull
> > off routes anyway and for cases like DNS server (software) failure, I
> > monitor it via simple bash script which can turn bgp daemon down. So once
> > it is off, routing tables should take it to different node.
> Famous last words: "I am building redundancy...." As if "redundancy"
> stops someone else announcing your prefix and sucking in half the packets
> on the 'Net meant for you. (Just one of many failure modes against which
> you cannot possibly defend.)
Well, you could make me realize those painful points in a more humble way.
Anyways, really appreciate points you made and yes, I must find some way
out to them. Maybe I was wrong in posting question here before doing my
homework. I am sorry everyone.
> That said, IMHO, if you want to shoot yourself in the foot, you should be
> allowed to do so. Your foot, your decision. I'm sure there are registrars
> out there that do not babysit you. Find one that doesn't tell you how to
> run your own infrastructure.
> And enjoy the extra spice that gives your life. :)
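The health check described in the thread (a script that watches the DNS server and turns the BGP daemon down), as an added example that is not code from any poster. The probe zone, listener address, `bird` unit name and three-failure limit are assumptions; it covers only local server failure, not the prefix-announcement or anycast-wide failures raised in the replies.

```shell
#!/usr/bin/env bash
# Added example: health check for one anycast DNS node (not from the thread).
# Assumed values: probe zone, listener address, BGP unit name, failure limit.
PROBE_NAME="${PROBE_NAME:-example.com}"   # assumed zone served by this node
PROBE_ADDR="${PROBE_ADDR:-127.0.0.1}"     # assumed local listener
BGP_UNIT="${BGP_UNIT:-bird}"              # assumed systemd unit of the BGP daemon
FAIL_LIMIT="${FAIL_LIMIT:-3}"             # consecutive failures before withdrawal
FAILS=0        # consecutive failed probes so far
ANNOUNCED=1    # 1 while the BGP daemon is up and announcing the prefix

# Succeed only if the local server returns a non-empty SOA answer in time.
probe_dns() {
    _answer=$(dig +short +time=2 +tries=1 "@${PROBE_ADDR}" "${PROBE_NAME}" SOA 2>/dev/null) || return 1
    [ -n "$_answer" ]
}

# Stopping the daemon drops the BGP session, so neighbours withdraw the route.
withdraw_routes() { systemctl stop "$BGP_UNIT"; }
announce_routes() { systemctl start "$BGP_UNIT"; }

# One check cycle; sets ACTION to none, withdraw or announce.
# Requiring several failures in a row avoids flapping on one lost probe.
check_once() {
    ACTION=none
    if probe_dns; then
        FAILS=0
        if [ "$ANNOUNCED" -eq 0 ] && announce_routes; then
            ANNOUNCED=1; ACTION=announce
        fi
    else
        FAILS=$((FAILS + 1))
        if [ "$FAILS" -ge "$FAIL_LIMIT" ] && [ "$ANNOUNCED" -eq 1 ] && withdraw_routes; then
            ANNOUNCED=0; ACTION=withdraw
        fi
    fi
    return 0
}

# Loop only when invoked as "script.sh run", so the functions can be sourced.
if [ "${1:-}" = "run" ]; then
    while true; do
        check_once
        if [ "$ACTION" != none ]; then
            logger -t anycast-check "action=$ACTION fails=$FAILS"
        fi
        sleep 5
    done
fi
```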