[124201] in North American Network Operators' Group


Re: IPv4 ANYCAST setup

daemon@ATHENA.MIT.EDU (Mark Andrews)
Fri Mar 26 12:19:57 2010

To: Valdis.Kletnieks@vt.edu
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Fri, 26 Mar 2010 09:52:48 EDT."
	<4828.1269611568@localhost> 
Date: Sat, 27 Mar 2010 03:17:04 +1100
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


In message <4828.1269611568@localhost>, Valdis.Kletnieks@vt.edu writes:
> On Fri, 26 Mar 2010 09:40:39 EDT, Max Larson Henry said:
> 
> > - Yes but as for DNS, anycast is essentially used for user requests (UDP)
> > not to perform zone transfer(TCP).
> 
> DNS uses TCP for more than just XFR.  For instance, if you're running a
> resolver that doesn't do EDNS0, and you hit an (increasingly common) DNSSEC
> signed reply, it's going to be over 512 bytes and the lack of EDNS0 will
> cause it to re-ask via TCP.

DNSSEC depends on EDNS and DO being set in the EDNS OPT record, so
non-EDNS queries won't get DNSSEC records, except in response to *
queries.
 
> Just mentioning it because the sort of sites that think TCP==XFR are the
> sort most likely to be running firewalls that munch the EDNS0 bits, and
> are setting themselves up for big surprises in the very near future.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
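As an added illustration of the two points in this exchange (not part of the thread): the EDNS0 OPT record with the DO bit that Mark says a query must carry before a server returns DNSSEC records, and the TC bit that, as Valdis notes, sends a resolver back over TCP when a reply exceeds its UDP limit. The builder, inspector and truncated-response sample below are constructed Python (stdlib only), not code from either poster, and assume a single-question query.

```python
import struct
DNS_UDP_LIMIT = 512   # UDP payload limit when no OPT record is present (RFC 1035)
EDNS_UDP_SIZE = 4096  # UDP payload size advertised in our constructed OPT record
OPT_TYPE = 41         # RR type of the EDNS0 OPT pseudo-record (RFC 6891)
DO_BIT = 0x8000       # DNSSEC OK bit in the OPT record's 32-bit "TTL" field
TC_BIT = 0x0200       # TrunCation bit in the DNS header flags

def encode_name(name):
    """Dotted name -> wire-format labels terminated by the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, qtype=1, txid=0x1234, edns=False, do=False):
    """Recursive query (hypothetical helper); edns adds an OPT RR, do sets its DO bit."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    pkt = header + encode_name(qname) + struct.pack(">HH", qtype, 1)
    if edns:
        # OPT RR: root name, TYPE, CLASS=UDP size, TTL=ext-rcode/version/DO/Z, RDLEN=0
        pkt += b"\x00" + struct.pack(">HHIH", OPT_TYPE, EDNS_UDP_SIZE,
                                     DO_BIT if do else 0, 0)
    return pkt

def skip_name(pkt, off):
    """Advance past a wire-format name (a compression pointer ends it in 2 bytes)."""
    while pkt[off] != 0:
        if pkt[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + pkt[off]
    return off + 1

def inspect_edns(pkt):
    """(has_edns, do_set, udp_size) of a query; run on a capture to spot a stripped OPT RR."""
    qd, an, ns, ar = struct.unpack(">HHHH", pkt[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        if rtype == OPT_TYPE:
            return True, bool(ttl & DO_BIT), rclass
        off += 10 + rdlen
    return False, False, DNS_UDP_LIMIT

def needs_tcp_retry(response):
    """TC set means the reply was cut to fit UDP and must be re-asked over TCP."""
    return bool(struct.unpack(">H", response[2:4])[0] & TC_BIT)

# Constructed: header of a truncated reply (QR|TC|RD|RA set), no records attached.
TRUNCATED_RESPONSE = struct.pack(">HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
```

A firewall that drops the OPT record makes inspect_edns() report (False, False, 512) on the far side even though the client sent EDNS, which is exactly the setup Valdis warns about.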

