nanog mailing list archives

Re: IPv4 ANYCAST setup

From: Joe Abley <jabley () hopcount ca>
Date: Fri, 26 Mar 2010 10:06:02 -0700


On 2010-03-26, at 06:40, Max Larson Henry wrote:

has someone experience in anycast ipv4 networks (to support DNS)?


"Never been done" "Dangerous" "TCP does not work" etc etc etc.


- Yes but as for DNS, anycast is essentially used for user requests (UDP)
not to perform zone transfer(TCP).


As others have mentioned, TCP can generally be used for any DNS query, not just AXFR.

This becomes more important as DNS responses get bigger, e.g. responses from root servers due to the root zone 
containing DNSSEC information, see <http://www.root-dnssec.org/>.

If your nameserver can't be reached over TCP, it's likely that there are people who can't talk to your nameserver. This 
means your DNS records can't be found. This is a bad thing.

Here, in glorious LOLCAPS:

  ALWAYS MAKE SURE YOUR DNS SERVER CAN BE REACHED OVER TCP
  TCP IS NOT JUST FOR ZONE TRANSFERS
  FIX YOUR FIREWALLS

:-)


Joe

Current thread:

IPv4 ANYCAST setup InterNetX - Lutz Muehlig (Mar 26)
- Re: IPv4 ANYCAST setup Jeroen Massar (Mar 26)
  - Re: IPv4 ANYCAST setup Max Larson Henry (Mar 26)
    - RE: IPv4 ANYCAST setup Paul Ryland (Mar 26)
    - Re: IPv4 ANYCAST setup Valdis . Kletnieks (Mar 26)
    - Re: IPv4 ANYCAST setup Mark Andrews (Mar 26)
    - Re: IPv4 ANYCAST setup Jeroen Massar (Mar 26)
    - Re: IPv4 ANYCAST setup Owen DeLong (Mar 26)
    - Re: IPv4 ANYCAST setup Joe Abley (Mar 26)
    - Re: IPv4 ANYCAST setup Owen DeLong (Mar 26)
    - Re: IPv4 ANYCAST setup Joe Abley (Mar 26)
    - Re: IPv4 ANYCAST setup Kevin Oberman (Mar 29)
    - Re: IPv4 ANYCAST setup Randy Bush (Mar 29)
    - Re: IPv4 ANYCAST setup Tony Finch (Mar 30)
    - Re: IPv4 ANYCAST setup Randy Bush (Mar 30)
    - DNSSEC deployment testing and awareness (Was: Re: IPv4 ANYCAST setup) Phil Regnauld (Mar 30)
    - Re: DNSSEC deployment testing and awareness (Was: Re: IPv4 ANYCAST setup) Robert Kisteleki (Mar 30)
    - Re: DNSSEC deployment testing and awareness (Was: Re: IPv4 ANYCAST setup) Phil Regnauld (Mar 30)
    - Re: DNSSEC deployment testing and awareness Florian Weimer (Mar 30)
    - Re: IPv4 ANYCAST setup bmanning (Mar 30)
    - Re: IPv4 ANYCAST setup Valdis . Kletnieks (Mar 30)

(Thread continues...)