DNS pulling BGP routes?

Wed Oct 13 13:26:37 UTC 2021

Matthew Petach wrote:

>>> With an anycast setup using the same IP addresses in every
>>> location, returning SERVFAIL doesn't have the same effect,
>>> however, because failing over from anycast address 1 to
>>> anycast address 2 is likely to be routed to the same pop
>>> location, where the same result will occur.
>>
>> That's why that is a bad idea. Alternative name servers with
>> different IP addresses should be provided at separate locations.

> Sure.  But that doesn't do anything to help prevent the
> type of outage that hit Facebook, which was the point I
> was trying to make in my response. Facebook did use > different IP addresses, and it didn't matter, because the
 > underlying health of the network is what was at issue,
 > not the health of the nameservers.

A possible solution is to force unbundling of CDN providers and
transit providers by antitrust agencies.

Then, CDN providers can't pursue efficiency only to kill
fundamental redundancy of DNS.

For network neutrality, backbone providers *MUST* be neutral
for contents they carry.

However, CDN providers having their own backbone are using
their backbone for contents they prefer, which is *NOT*
neutral at all.

As such, access/retail providers may pay for peering with
neutral backbone providers for their customers but should
reject direct peering request from, actively behaving against
neutrality, CDN providers.

> I agree with you--different IP addresses should be
> used in different geographic locations, even with
> anycast setups.
> 
> But people need to also recognize that's not a
> panacea that solves everything, and that it wouldn't
> have changed the nature of the outage last week.

We should recognize the fundamental difference between
independent, thus neutral, backbone providers and
CDN providers with anti-neutral backbone of their own.

						Masataka Ohta