[124180] in North American Network Operators' Group

Re: IPv4 ANYCAST setup

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Mar 26 09:55:02 2010

To: Max Larson Henry <maxlarson.henry@mtptc.gouv.ht>
In-Reply-To: Your message of "Fri, 26 Mar 2010 09:40:39 EDT."
	<90155a1e1003260640o30471802u884af64208873684@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Fri, 26 Mar 2010 09:52:48 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Fri, 26 Mar 2010 09:40:39 EDT, Max Larson Henry said:

> - Yes but as for DNS, anycast is essentially used for user requests (UDP)
> not to perform zone transfer (TCP).

DNS uses TCP for more than just XFR.  For instance, if you're running a
resolver that doesn't do EDNS0, and you hit an (increasingly common) DNSSEC
signed reply, it's going to be over 512 bytes and the lack of EDNS0 will
cause it to re-ask via TCP.

Just mentioning it because the sort of sites that think TCP==XFR are the
sort most likely to be running firewalls that munch the EDNS0 bits, and
are setting themselves up for big surprises in the very near future.

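Added example, not part of the original message: a Python sketch of the mechanism described in the reply above, showing how the presence or absence of an EDNS0 OPT record in a query sets the UDP size limit and therefore whether a large (for instance DNSSEC-signed) reply forces a retry over TCP. The function names and the sample reply sizes are assumptions made for illustration.

```python
import struct

TC_BIT = 0x0200      # "truncated" flag in the DNS header
OPT_TYPE = 41        # EDNS0 pseudo-record type (RFC 6891)

def build_query(name, edns_payload=None, do_bit=False, txid=0x1234):
    """Build an A query; if edns_payload is set, append an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_payload else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    if edns_payload:
        flags = 0x8000 if do_bit else 0                      # DO = "send me DNSSEC records"
        # OPT RR: root owner name, CLASS carries the UDP payload size, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_payload, flags, 0)
    return msg

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:                                 # compression pointer
            return off + 2
        off += n + 1

def inspect(msg):
    """Return (tc_flag_set, advertised_udp_size); size is None without an OPT record."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, udp_size = 12, None
    for _ in range(qd):
        off = _skip_name(msg, off) + 4                       # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT_TYPE:
            udp_size = rclass
    return bool(flags & TC_BIT), udp_size

def needs_tcp(query, reply_len):
    """True if a reply of reply_len bytes cannot fit the UDP limit this query allows."""
    _, size = inspect(query)
    limit = max(size, 512) if size is not None else 512      # 512 bytes without EDNS0
    return reply_len > limit

def truncated_reply(query):
    """Constructed sample: the TC=1 reply to a query without OPT, question section only."""
    return query[:2] + struct.pack("!HHHHH", 0x8380, 1, 0, 0, 0) + query[12:]
```

Running `inspect()` on queries captured on both sides of a firewall shows whether the OPT record survives the path; if it is gone on the far side, every reply over 512 bytes will come back with TC set and be re-asked over TCP.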
