Re: [nznog] TelstraVodaHug core lag

On Wed, Sep 18, 2013 at 10:30:34AM -0400, Joe Abley wrote:

On 2013-09-18, at 04:36, Nathan Ward wrote:

...

Maybe something better would be getting an IANA assigned address for providers to stick on their DNS servers, and everyone can anycast it.

I'm interested in why people think this would be a good idea.

Running a caching resolver at an ISP is a twitchy business. There's nothing more likely to make the helpdesk phone ring (or for people to declare your network to be dead, and to take steps to move elsewhere) than a flaky resolver.

A resolver service distributed using anycast across multiple/many ISPs seems likely to result in your customers using someone else's resolver infrastructure at least some of the time. Given the tight bond between resolver service quality and customer experience, this seems like an idea with curious business characteristics (unless everybody does it, but that doesn't seem like a particularly low-energy state for the world to be in).

I thought this would be a good idea too when reading these messages, but I didn't get around to bringing it up. I think it's more important for non transit providers, that implement services etc. And is generally good for the internet as a whole. I don't think it really benefits ISP's, .. If you have a statically configured DNS server, and you change ISP's, either the old ISP is open and will continue to work, or it's closed, and suddenly your DNS will stop resolving. You can use a local dns recursor, but most of the time people only have one DNS resolver if it's local, unless they're big enough that they can support not only one but two or more DNS resolvers, which may also mean that they are big enough to look into anycast for multiple locations etc. The main caveat is if you have multiple upstream providers, then what provider should it go through? Should there be more than oner /24, so a different one could be used for primary or secondary? That said, it could be said that if you are big enough to have multiple upstreams, you're big enough to run your own DNS resolvers.. I think there are a few primary points of consideration, the first is that unless there are multiple points of presence right from the start, then it's too fragile to be worth using for a client. There'd need to be something like root-servers that are already using anycast and are in multiple locations. But most root servers are only in a few locations, so maybe some kind of alliance between a few would be necessary. Also sometimes root servers seem to disappear from locations, like f.root-servers.net used to have a location in NZ, but now seems to go to Brisbane... The second is that it should be considered that this will perform no better than ISP name servers, but add diversity, and/or be more likely to work if on mobile network, remote wifi network, or if usual place of connection changed upstreams. This means if the ISP name server does mirrored caching between multiple POP's then this one could too, but the intention shouldn't be to extend beyond normal ISP DNS capabilities and create any kind of improved performance. The third is that ISP's should still dish out their primary DNS servers over DHCP, and tell their users to use their own DNS servers. Support for such should be hidden, and not required for an ISP, but optimise the performance for end users that have had their DNS set to use this as primary/secondary/tertiary. Something not completely related or unrelated, is that when people are doing Anycast for DNS in general (both authoriative and recursive) it seems pretty common to send both primary and secondary DNS to the same region. I've seen this with both recursive and authorative, and it icnreases the chance of problems. The simple solution is to make secondary not be anycast and in an unrelated region, as I understand it can be complicated to shift traffic around right to use anycast in a secondary region while optimising all other paths.