[153022] in North American Network Operators' Group
Re: DNS anycasting - multiple DNS servers on same subnet Vs
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Mon May 28 15:37:55 2012
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <CAJ0+aXaoTEUy+pog_g0cq2JE5SU82yX9+sOXmrHw6EeF9J77_A@mail.gmail.com>
Date: Mon, 28 May 2012 15:37:13 -0400
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On May 28, 2012, at 15:24 , Anurag Bhatia wrote:
> On Tue, May 29, 2012 at 12:50 AM, Tony Finch <dot@dotat.at> wrote:
>> Anurag Bhatia <me@anuragbhatia.com> wrote:
>>>
>>> One small concern I wanted to discuss here. I know a few
>>> registry/registrars which do not accept both (or all) name servers of
>>> domain name on same subnet. They demand at least 1 DNS server should be
>>> on different subnet for failover reasons (old thoughts).
>>>
>>> How one can deal with such case in case of anycasting setup which is using
>>> one single subnet everywhere?
>>
>> You still want name servers on more than one subnet in case the anycast
>> setup breaks.
>>
> I am building redundancy within that setup. I mean it will be software
> based BGP so if hardware is fried up, it will break BGP session and pull
> off routes anyway and for cases like DNS server (software) failure, I will
> monitor it via simple bash script which can turn BGP daemon down. So once
> it is off, routing tables should take it to different node.

Famous last words: "I am building redundancy...." As if "redundancy"
stops someone else announcing your prefix and sucking in half the
packets on the 'Net meant for you. (Just one of many failure modes
against which you cannot possibly defend.)

That said, IMHO, if you want to shoot yourself in the foot, you should
be allowed to do so. Your foot, your decision. I'm sure there are
registrars out there that do not babysit you. Find one that doesn't
tell you how to run your own infrastructure.

And enjoy the extra spice that gives your life. :)

-- 
TTFN,
patrick
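
The registrar check discussed in this thread, written out as an added example (not code from any poster or registrar): it groups a delegation's name server addresses by covering prefix and reports whether each address family depends on a single prefix. The /24 and /48 granularity, the host names and the documentation-range addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the thread only says "subnet". /24 (IPv4) and /48 (IPv6) are
# used here because longer prefixes are commonly filtered in global BGP, so
# addresses inside one such block share a single routing fate.
V4_LEN, V6_LEN = 24, 48

# Constructed sample delegations (documentation address ranges).
ANYCAST_ONLY = {
    "ns1.example.net": ["192.0.2.53", "2001:db8:53::1"],
    "ns2.example.net": ["192.0.2.54", "2001:db8:53::2"],
}
MIXED = {
    "ns1.example.net": ["192.0.2.53"],
    "ns2.example.net": ["198.51.100.53"],
}

def covering_prefix(addr):
    """Return the /24 or /48 network that contains addr."""
    ip = ipaddress.ip_address(addr)
    length = V4_LEN if ip.version == 4 else V6_LEN
    return ipaddress.ip_network(f"{ip}/{length}", strict=False)

def group_by_prefix(ns_addrs):
    """Map each covering prefix to the sorted name server hosts inside it."""
    groups = defaultdict(set)
    for host, addrs in ns_addrs.items():
        for addr in addrs:
            groups[covering_prefix(addr)].add(host)
    return {prefix: sorted(hosts) for prefix, hosts in groups.items()}

def diversity_report(ns_addrs):
    """Per address family: prefixes in use and whether there is more than one."""
    groups = group_by_prefix(ns_addrs)
    report = {}
    for version in (4, 6):
        prefixes = sorted(str(p) for p in groups if p.version == version)
        if prefixes:
            report[version] = {"prefixes": prefixes, "diverse": len(prefixes) > 1}
    return report

if __name__ == "__main__":
    for name, delegation in (("anycast-only", ANYCAST_ONLY), ("mixed", MIXED)):
        for version, info in diversity_report(delegation).items():
            status = "ok" if info["diverse"] else "SINGLE PREFIX"
            print(f"{name} IPv{version}: {status} {info['prefixes']}")
```

A delegation that reports a single prefix for an address family is exposed to the failure mode raised in the reply above: one bad or foreign announcement of that prefix affects every listed name server at once.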