DNS question

Shachar Shemesh shachar at shemesh.biz
Fri Jun 17 08:28:13 IDT 2011


On 06/17/2011 03:33 AM, Amos Shapira wrote:
> I'm not sure what you are asking - DNS servers are supposed to be 
> there in order to respond to queries, why shouldn't they answer 
> queries? The slaves are there exactly as a back-up in case the master 
> becomes unavailable. What else do you think they are there for?
>
> If at all - the usual setup is that the master is hidden behind a 
> firewall and only the slaves answer queries. This is supposed to make 
> it harder to inject bad records into the database since the 
> secondaries should only read from a secure non-public server.
>
> BTW - if you have your own servers and your own IP address block then 
> check options for using anycast to get DNS queries routed to the 
> closest DNS server (http://en.wikipedia.org/wiki/Anycast).
The little I know of anycast, I'd be surprised if there were more than 
~20 organizations worldwide that are capable of doing it.

You need to be managing your own IP address range (via BGP) as an entry 
requirement. This means 1024 IP addresses, as that was BGP's minimal 
entry level. You need to allocate that range exclusively for anycast use 
- you can mix anycast and normal use over the same range. In other 
words, you can only run anycast if you have dedicated server farms, each 
both quite big and multiply connected, scattered around the world. I 
doubt that's what Hetz has, though I can imagine that's what Google (or 
GoDaddy) is doing.

Shachar

-- 
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com



