At 8:18 PM -0700 6/3/01, Randy Bush wrote:
>we poor stupid operators have to do something to overcome the mis-designs
>of the oh so brilliant but reality-challenged.
>
>while one can not measure all dns transactions, a significant number of
>them use just such a 'misconfiguration'. please excuse our stupidity in
>wishing to continue to offer our customers better service.
Sigh.
This is the classic tradeoff between the expedient hack and an
alternative that accomplishes the same goal in a way that actually
fits with the way the system was designed to work, but takes some
more work to deploy.
If there is an urgent customer need to deploy IPv6 anycast DNS
transactions before the IPv6-capable DNS servers can be upgraded to
provide a unicast source address in response to an anycast query,
go ahead and (mis-)configure the servers to think an anycast address
is a unicast address. Sure, this will work fine almost all of the time
(or else you wouldn't be advocating it). And if all goes well, it won't
result in too many calls to your help desk, reporting unusual failures
that are difficult to diagnose because they are difficult to reproduce
(being the result of infrequent coincidences). Also, be sure that your
support staff makes a note of the non-obvious topological limitations
that must be adhered to to make your approach work properly, such as
making sure that two such servers are never placed in the same subnet
(so that DAD won't prevent the use of the shared address).
But can we please also work towards deploying the simple fix in the
servers required to support an anycast service that is not susceptible
to known potential failure modes and that does not have unexpected
topological restrictions? After all, this is the IPv6 effort, which
has the quixotic goal of trying to make the Internet less fragile,
rather than just not-too-much-more-fragile.
Steve
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
