deploying DNS in large ISP

Marc.Thach at radianz.com Marc.Thach at radianz.com
Thu Jul 5 15:13:15 UTC 2001



Barry,
I've floated the idea of using anycast for DNS within our organisation.  I
haven't pushed too hard because I'm wary about possible pitfalls that I
will encounter, so I'd be interested to know what sort of problems you
encountered.  I presume recursion, AXFR, etc. is done via another port, so
that seems OK.  What about TCP? I'm nervous that DNSSEC will make it more
common.  Clearly TCP session to an anycast address is liable to problems
when routes change.  Is this something that you've factored in somehow?
TIA
Marc Thach Xuan Ky marc.thach at radianz.com
________________________________________________________________________
The views expressed are personal and do not necessarily reflect those of
the organisation providing the mail address from which this message was
sent

From: Barry Margolin <barmar at genuity.net>
Sent by: bind-users-bounce at isc.org
To: comp-protocols-dns-bind at moderators.isc.org
Subject: Re: deploying DNS in large ISP
Date: 05/07/2001 15:41

We're using an "anycasting" mechanism for our caching DNS servers.  We've
deployed servers in most of our large POPs, and configured them with
virtual addresses corresponding to the resolver addresses that we tell our
customers to use (we sell leased-line services, not dialup, so we don't do
DHCP for our customers).  These addresses are redistributed into our OSPF
routing process, so our backbone automatically routes DNS lookups to the
closest caching server.

We're currently using static routes on the upstream routers, so removing a
server requires manual configuration changes by our network operators.  It
would probably be better to run gated on the server so that it would
advertise itself, and the advertisement would go away automatically if the
server crashes.  But when we set this up we decided to go the simple route
(no pun intended).  Even if we ran gated, we'd need to be able to disable
the route if the system stayed up but named died.

--
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the
group.
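The failure mode Barry raises at the end (host stays up, named dies, the anycast route stays advertised) is the case a host-side watchdog has to cover. The following is an added example, not code from either poster or from BIND: it probes the resolver on its anycast address with a real DNS query built by hand, and after a run of consecutive failures removes the address from the loopback interface, on the assumption that a routing daemon on the host (gated in Barry's description, or a modern equivalent) redistributes connected routes and so stops advertising the prefix; it re-adds the address only after a run of consecutive successes, so a single dropped packet does not flap the route. The address 192.0.2.53, the probe name, the thresholds and the `ip addr` commands are assumptions for the example.

```python
"""Anycast DNS watchdog (added example; addresses and commands are assumptions)."""
import random
import socket
import struct
import subprocess
import time

ANYCAST_ADDR = "192.0.2.53"      # assumption: the resolver address published to customers
PROBE_NAME = "www.example.com."  # assumption: a name the cache can resolve
FAIL_THRESHOLD = 3               # consecutive failed probes before withdrawing
RECOVER_THRESHOLD = 5            # consecutive good probes before re-announcing


def build_query(name: str, qid: int) -> bytes:
    """Minimal DNS query: header with RD set, one question for an A record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def response_is_healthy(query_id: int, resp: bytes) -> bool:
    """named is considered healthy if it answers our query with NOERROR or NXDOMAIN.

    SERVFAIL/REFUSED, a mismatched ID, or a non-response (QR bit clear) count as failures.
    """
    if len(resp) < 12:
        return False
    rid, flags = struct.unpack("!HH", resp[:4])
    if rid != query_id or not flags & 0x8000:
        return False
    return (flags & 0x000F) in (0, 3)


def probe_named(addr: str = ANYCAST_ADDR, name: str = PROBE_NAME, timeout: float = 1.0) -> bool:
    """Send one UDP query to the anycast address and judge the reply."""
    qid = random.randrange(1, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (addr, 53))
            resp, _ = s.recvfrom(512)
        except OSError:          # timeout, ICMP unreachable, etc.
            return False
    return response_is_healthy(qid, resp)


def ip_addr(action: str) -> None:
    """Assumption: the anycast address is a /32 on lo and the host's routing daemon
    redistributes connected routes, so deleting/adding it withdraws/announces the prefix."""
    subprocess.run(["ip", "addr", action, f"{ANYCAST_ADDR}/32", "dev", "lo"], check=True)


class AnycastWatchdog:
    """Flap-damped health monitor: withdraw after N failures, re-announce after M successes."""

    def __init__(self, probe, announce, withdraw,
                 fail_threshold: int = FAIL_THRESHOLD, recover_threshold: int = RECOVER_THRESHOLD):
        self.probe, self.announce, self.withdraw = probe, announce, withdraw
        self.fail_threshold, self.recover_threshold = fail_threshold, recover_threshold
        self.advertised = True   # assume the address is configured when the watchdog starts
        self.fails = self.oks = 0

    def tick(self) -> str:
        """Run one probe and return the action taken: 'none', 'withdraw' or 'announce'."""
        if self.probe():
            self.fails, self.oks = 0, self.oks + 1
            if not self.advertised and self.oks >= self.recover_threshold:
                self.announce()
                self.advertised = True
                return "announce"
        else:
            self.oks, self.fails = 0, self.fails + 1
            if self.advertised and self.fails >= self.fail_threshold:
                self.withdraw()
                self.advertised = False
                return "withdraw"
        return "none"


if __name__ == "__main__":
    # Run as root on the resolver host; probes once per second.
    wd = AnycastWatchdog(probe_named, lambda: ip_addr("add"), lambda: ip_addr("del"))
    while True:
        action = wd.tick()
        if action != "none":
            print(time.strftime("%H:%M:%S"), action, ANYCAST_ADDR)
        time.sleep(1)
```

Probing the anycast address itself, rather than 127.0.0.1, also catches the case where named is running but is not bound to the virtual address. The probe only exercises UDP; a separate TCP probe would be needed to detect a resolver that answers UDP but has exhausted its TCP slots.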






