Re: AWS S3 DNS load balancer

[Lukas Tribus <lukas () ltri eu>]

Hello,


> AWS is doing Geo-based load balancing and spitting things out,
> and networks with eyeballs are doing their own things for traffic
> management and trying to do shortest paths to things – and responsible
> operators want to minimize the non-desirable and non-deterministic
> behaviors.

You can't use DNS to get "all" service IP's of a service like S3 or a
CDN for traffic engineering purposes. That will not work, ever (for
services of such scale).

The hackery is assuming you can build a list of service IP's by querying DNS.


> There are a lot of reasons why someone may want this… particularly
> to manage *other* people geo-basing their transport, but is this a
> local hack or is this a feature of one of the major auth-DNS packages.
> If its local hackery, trying to manage for it becomes a thankless activity.

CDN's and huge service work like this, and they use the standardized
tools like DNS they have at their disposal.

Building lists of service IP's from DNS is what the "local-hackery" here is.


Toby explained the proper way to get the IP ranges. It's not via DNS,
it never was.


Lukas