[150604] in North American Network Operators' Group
Re: Reliable Cloud host ?
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Feb 28 09:03:31 2012
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <42252.1330372433@turing-police.cc.vt.edu>
Date: Tue, 28 Feb 2012 09:02:00 -0500
To: Valdis.Kletnieks@vt.edu
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 27, 2012, at 2:53 PM, Valdis.Kletnieks@vt.edu wrote:
> On Mon, 27 Feb 2012 14:02:04 EST, William Herrin said:
>
>> The net result is that when you switch the IP address of your server,
>> a percentage of your users (declining over time) will be unable to
>> access it for hours, days, weeks or even years regardless of the DNS
>> TTL setting.
>
> Amen brother.
>
> So just for grins, after seeing William's I set up a listener on an address that had an NTP server on it many moons ago. As in the machine was shut down around 2002/06/30 22:49 and we didn't re-assign the IP address ever since *because* it kept getting hit with NTP packets.. Yes, a decade ago.
>
> In the first 15 minutes, 234 different IP's have tried to NTP to that address.
I hereby reject the principle that one can not renumber a host/name and move it.
Certainly some people will see breakage. This is because their software is defective, sometimes in a critical way, other times in a way that is non-obvious.
But I reject the idea that you can't move a service, or have one MX, DNS, etc.. host be down and have it be fatal without something else being SERIOUSLY broken. If you are right, nobody could ever renumber anything ever, nor take a service down ever in the most absolute terms.
I've been involved in large scale DNS server renumbering/moving/whatnot. It's harder these days than it was in the past, but it's feasible. I know those resolver addresses that have been retired still get queries from *very* broken hosts. Just because they're getting queries, doesn't mean they are expecting an answer, or will properly handle it.
Sometimes you have to break the service worse for people to repair it. Look at the DCWG.org site and try to get an idea if you're infected. At some point those will go away. Doesn't mean those people aren't broken/infected and REQUIRE remediation.
- Jared