> >> DNS does not provide the sort of intelligence necessary to direct
> >> requests to the most appropriate server
> > Huh? A DNS can be as intelligent as it wants to be.
> +1. For example, EDNS
> <https://ripe67.ripe.net/presentations/206-L-dnswg-Streibelt-ClientIP.pdf>

Certainly edns client-subnet improves accuracy for multi-region ISPs and clients which use public resolvers. But really that's just a better input into the intelligent answer generation process of an auth.

Unfortunately support is not wide-spread and the most popular open resolvers (namely Google and OpenDNS) require whitelisting before they will present the option to auths. That's a bit of a hurdle.

One complaint I hear from ISPs is that client-subnet puts a lot more memory pressure on their caches - which makes sense. And of course there are very few cache implementations anyway, either open source or commercial. For both reasons, resolver-side support is not very wide-spread yet.

So, all in all client-subnet is useful, but higher adoption would be nice.

Going a little OT, one of the more intriguing aspects of client-subnet is that it helps DNS queries go dark. What with DNS over HTTPS, Google already running a public resolver and Apple announcing a DNS provider framework in iOS11, it's not beyond imagination that the major mobile OSes might well support tunnelling DNS queries to a "trusted" resolver in the not-too-distant future and leave local ISPs and meddling governments out of the loop.

In this context, client-subnet lets GSLB perform accurately even when the query is issued from a possibly distant resolver. Otherwise, tunnelling queries can have way sub-optimal results when interacting with GSLBs.

As an aside, a more recent reference is https://tools.ietf.org/html/rfc7871

Mark.
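The following is an added example, not part of the message above: a Python sketch of the RFC 7871 client-subnet option as a resolver would encode it and an auth would validate it, plus a simplified per-subnet cache key that shows where the extra cache memory goes. The function names `encode_ecs`, `decode_ecs` and `cache_key` are hypothetical, and the addresses are documentation ranges.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS0 option code assigned to Client Subnet (RFC 7871)


def encode_ecs(client_ip: str, source_prefix: int, scope_prefix: int = 0) -> bytes:
    """Build the EDNS0 option (code, length, data) a resolver attaches to a query."""
    addr = ipaddress.ip_address(client_ip)
    family = 1 if addr.version == 4 else 2
    # Zero the host bits, then send only the bytes the prefix covers.
    net = ipaddress.ip_network(f"{client_ip}/{source_prefix}", strict=False)
    addr_bytes = net.network_address.packed[: (source_prefix + 7) // 8]
    data = struct.pack("!HBB", family, source_prefix, scope_prefix) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


def decode_ecs(option: bytes):
    """Parse an ECS option into (network, scope_prefix); reject malformed input."""
    if len(option) < 8:
        raise ValueError("truncated ECS option")
    code, length = struct.unpack("!HH", option[:4])
    data = option[4:]
    if code != ECS_OPTION_CODE or length != len(data):
        raise ValueError("not a well-formed ECS option")
    family, source, scope = struct.unpack("!HBB", data[:4])
    full_len = {1: 4, 2: 16}.get(family)
    if full_len is None:
        raise ValueError("unknown address family")
    addr = data[4:]
    if source > full_len * 8 or len(addr) != (source + 7) // 8:
        raise ValueError("address length does not match source prefix")
    padded = addr + bytes(full_len - len(addr))
    cls = ipaddress.IPv4Network if family == 1 else ipaddress.IPv6Network
    return cls((padded, source), strict=True), scope  # strict: host bits must be 0


def cache_key(qname: str, client_ip: str, scope_prefix: int):
    """Simplified cache key (assumption): one entry per name per scope network."""
    net = ipaddress.ip_network(f"{client_ip}/{scope_prefix}", strict=False)
    return (qname.lower(), str(net))
```

With a /24 scope, clients in different /24s produce distinct cache entries for the same name, which is the memory cost the ISPs describe.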
