[124205] in North American Network Operators' Group
Re: IPv4 ANYCAST setup
daemon@ATHENA.MIT.EDU (Joe Abley)
Fri Mar 26 13:07:11 2010
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <90155a1e1003260640o30471802u884af64208873684@mail.gmail.com>
Date: Fri, 26 Mar 2010 10:06:02 -0700
To: Max Larson Henry <maxlarson.henry@mtptc.gouv.ht>
Cc: nanog@nanog.org
On 2010-03-26, at 06:40, Max Larson Henry wrote:
>>> has someone experience in anycast ipv4 networks (to support DNS)?
>>
>> "Never been done" "Dangerous" "TCP does not work" etc etc etc.
>
> - Yes, but as for DNS, anycast is essentially used for user requests (UDP),
> not to perform zone transfers (TCP).
As others have mentioned, TCP can generally be used for any DNS query, not just AXFR.

This becomes more important as DNS responses get bigger, e.g. responses from root servers due to the root zone containing DNSSEC information, see <http://www.root-dnssec.org/>.

If your nameserver can't be reached over TCP, it's likely that there are people who can't talk to your nameserver. This means your DNS records can't be found. This is a bad thing.
Here, in glorious LOLCAPS:
ALWAYS MAKE SURE YOUR DNS SERVER CAN BE REACHED OVER TCP
TCP IS NOT JUST FOR ZONE TRANSFERS
FIX YOUR FIREWALLS
:-)
Joe
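As an added example (not part of Joe's message or of the NANOG thread), here is the mechanism his point rests on, written out in Python: a resolver sends an ordinary query over UDP, the server's reply comes back with the TC (truncated) bit set because the answer did not fit, and the resolver must repeat the same query over TCP, where each message carries a 2-byte length prefix. The name `example.test`, the DNSKEY query type, and the two stub "servers" are constructed for the example; the `udp_sender`/`tcp_sender` helpers show how the same code would be pointed at a real nameserver to check whether port 53/TCP is actually reachable through your firewalls.

```python
"""DNS TC-bit fallback to TCP. Added example; assumptions are marked as such."""
import socket
import struct

# Constructed for the example: not a real zone.
EXAMPLE_NAME = "example.test"
QTYPE_DNSKEY = 48  # a DNSSEC record type whose answers are often too large for 512-byte UDP


def build_query(qname, qtype=1, txid=0x1234):
    """Wire-format DNS query (RFC 1035 s4.1): 12-byte header plus one QUESTION, RD=1."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(label)]) + label.encode("ascii")
                      for label in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS=IN


def parse_header(msg):
    """Decode the header. TC (bit 9 of FLAGS) means the server cut the answer to fit UDP."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "ancount": an}


def frame_tcp(msg):
    """DNS over TCP prefixes every message with a 2-byte big-endian length (RFC 1035 s4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(data):
    (length,) = struct.unpack("!H", data[:2])
    if len(data) < 2 + length:
        raise ValueError("short DNS/TCP message")
    return data[2:2 + length]


def resolve(qname, qtype, udp_send, tcp_send, txid=0x1234):
    """Query over UDP first; if the reply has TC=1, repeat the identical query over TCP.
    udp_send/tcp_send are callables (bytes -> bytes) so real sockets or stubs can be used."""
    query = build_query(qname, qtype, txid)
    reply = udp_send(query)
    hdr = parse_header(reply)
    if hdr["id"] != txid:
        raise ValueError("transaction id mismatch")
    transport = "udp"
    if hdr["tc"]:
        reply = unframe_tcp(tcp_send(frame_tcp(query)))
        hdr = parse_header(reply)
        transport = "tcp"
    return transport, hdr


def udp_sender(server, port=53, timeout=3.0):
    """Real UDP transport for checking a live nameserver (not used by the offline stubs)."""
    def send(query):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, port))
            return s.recv(4096)
    return send


def tcp_sender(server, port=53, timeout=3.0):
    """Real TCP transport; a timeout or reset here is the 'fix your firewalls' case."""
    def send(framed):
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(framed)
            buf = b""
            while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
                chunk = s.recv(4096)
                if not chunk:
                    raise ConnectionError("server closed TCP connection before a full reply")
                buf += chunk
            return buf
    return send


# --- constructed stub servers so the example runs offline ---
def make_reply(txid, flags, ancount, qname, qtype):
    """Header with the given FLAGS/ANCOUNT followed by the echoed QUESTION section."""
    question = build_query(qname, qtype, txid)[12:]
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0) + question


def truncated_udp_stub(query):
    txid = struct.unpack("!H", query[:2])[0]
    return make_reply(txid, 0x8200, 0, EXAMPLE_NAME, QTYPE_DNSKEY)  # QR=1, TC=1, nothing fit


def full_tcp_stub(framed):
    query = unframe_tcp(framed)
    txid = struct.unpack("!H", query[:2])[0]
    return frame_tcp(make_reply(txid, 0x8000, 2, EXAMPLE_NAME, QTYPE_DNSKEY))  # QR=1, TC=0


if __name__ == "__main__":
    print(resolve(EXAMPLE_NAME, QTYPE_DNSKEY, truncated_udp_stub, full_tcp_stub))
```

Pointing `resolve()` at `udp_sender(host)` and `tcp_sender(host)` for one of your own authoritative servers is a quick way to confirm the fallback path works end to end; a UDP answer with TC=1 followed by a TCP timeout is exactly the failure the message above warns about.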