<div dir="ltr"><div class="gmail_quote">On 17 June 2011 15:28, Shachar Shemesh <span dir="ltr"><<a href="mailto:shachar@shemesh.biz">shachar@shemesh.biz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
On 06/17/2011 03:33 AM, Amos Shapira wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I'm not sure what you are asking - DNS servers are supposed to be there in order to respond to queries, why shouldn't they answer queries? The slaves are there exactly as a back-up in case the master becomes unavailable. What else do you think they are there for?<br>
<br>
If at all - the usual setup is that the master is hidden behind a firewall and only the slaves answer queries. This is supposed to make it harder to inject bad records into the database since the secondaries should only read from a secure none-public server.<br>
<br>
BTW - if you have your own servers and your own IP address block then check options for using anycast to get DNS queries routed to the closest DNS server (<a href="http://en.wikipedia.org/wiki/Anycast" target="_blank">http://en.wikipedia.org/wiki/<u></u>Anycast</a>).<br>
</blockquote>
The little I know of anycast, I'd be surprised if there were more than ~20 organizations world wide that are capable of doing it.<br></blockquote><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
You need to be managing your own IP address range (via BGP) as an entry requirement. This means 1024 IP addresses, as that was BGP's minimal entry level. You need to allocate that range exclusively for anycast use - you can mix any cast and normal use over the same range. In other words, you can only run anycast if you have dedicated server farms, each both quite big and multiply connected, scattered around the world.</blockquote>
<div><br><div><br>
We have our own /22 block with our own AS number and BGP entries,
operating from a tiny DC in California and a couple of colo srevers in
London. I wouldn't say we are a very large operation (we are actually a
tiny fish for now).<br>
Neustar have their entire business around this (anycast DNS with about 9
DC's around the world) and they don't seem to be a much bigger
operation than ours.<br>
<br>
</div></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> I doubt that's what Hetz has, though I can imagine that's what Google (or GoDaddy) is doing.<br>
</blockquote><div><br>That's why I suspect that at least part of Hetz' motivation to go it alone is just to play with the techie stuff more than a business sense. To me it makes much more sense to off-load such stuff to specialized providers so he can concentrate on his core value-added services. Though I admit I don't know his specific situation.<br>
<br>--Amos<br><br></div></div></div>