DNS question

Amos Shapira amos.shapira at gmail.com
Fri Jun 17 10:21:07 IDT 2011


On 17 June 2011 15:28, Shachar Shemesh <shachar at shemesh.biz> wrote:

> On 06/17/2011 03:33 AM, Amos Shapira wrote:
>
>> I'm not sure what you are asking - DNS servers are supposed to be there in
>> order to respond to queries, why shouldn't they answer queries? The slaves
>> are there exactly as a back-up in case the master becomes unavailable. What
>> else do you think they are there for?
>>
>> If at all - the usual setup is that the master is hidden behind a firewall
>> and only the slaves answer queries. This is supposed to make it harder to
>> inject bad records into the database since the secondaries should only read
>> from a secure non-public server.
>>
>> BTW - if you have your own servers and your own IP address block then
>> check options for using anycast to get DNS queries routed to the closest DNS
>> server (http://en.wikipedia.org/wiki/Anycast).
>>
> The little I know of anycast, I'd be surprised if there were more than ~20
> organizations worldwide that are capable of doing it.
>
> You need to be managing your own IP address range (via BGP) as an entry
> requirement. This means 1024 IP addresses, as that was BGP's minimal entry
> level. You need to allocate that range exclusively for anycast use - you can
> mix anycast and normal use over the same range. In other words, you can
> only run anycast if you have dedicated server farms, each both quite big and
> multiply connected, scattered around the world.



We have our own /22 block with our own AS number and BGP entries, operating
from a tiny DC in California and a couple of colo servers in London. I
wouldn't say we are a very large operation (we are actually a tiny fish for
now).
Neustar have their entire business around this (anycast DNS with about 9
DCs around the world) and they don't seem to be a much bigger operation
than ours.

> I doubt that's what Hetz has, though I can imagine that's what Google (or
> GoDaddy) is doing.
>

That's why I suspect that at least part of Hetz' motivation to go it alone
is just to play with the techie stuff more than a business sense. To me it
makes much more sense to off-load such stuff to specialized providers so he
can concentrate on his core value-added services. Though I admit I don't
know his specific situation.

--Amos

More information about the Linux-il mailing list