Archive for the ‘DNS’ tag
No Akamai, No internet
Damn. This is why people should not rely on a single solution: Akamai DNS Issue.
And we are suffering from the same problem here. Yahoo!, Google, Apple, Microsoft, Fedex, all the big sites, you name it. Everyone is off the net now.
Akamai is down, internet is down.
Update: Akamai DNS Outage Messes up Net
Smart “IP” people
Steve Friedl has pointed out how DNS root operators use some tricks to make life easier.
The trick is in fact called “Anycast Addressing”, and it is like setting the same IP address on different servers at different places. In the DNS root server case, for example, the K root server (operated by RIPE NCC) has one IP address, which is 193.0.14.129. But it's not only one server in one location. There is one in London, another in Amsterdam and the last one in Frankfurt. And always the closest one to you (from a routing point of view) answers your request.
Why is that? The reason behind this trick is load balancing. Root servers are very busy serving thousands of requests every second, so it's better to spread the load across different servers at different locations for load balancing, fault tolerance and traffic management reasons.
And a little bit more about anycast if you are interested:
Anycast addressing is nothing more than assigning a common IP address to multiple instances of the same service, which are located at strategic points in the overall network topology. By utilizing the underlying routing infrastructure of the Internet, IP packets are forwarded to the nearest instance of an anycast service. Common network services that can most easily take advantage of anycast addressing include DNS, multicast rendezvous points (RPs), syslog, network flow export, IPv6 to IPv4 relay routers and sink hole networks.
via Kuro5hin: Anycast Addressing on the Internet
In fact, IP engineering and network traffic management are always tricky, especially when you are dealing with high-traffic services like operating DNS root servers.
Blocking Verisign DNS wildcards
I am happily running BIND 9.2.3rc4 on four DNS servers around the world, blocking DNS wildcards on the .net and .com zones. The delegation-only feature worked fine out of the box. The only tricky part of the process was installing BIND 9 on FreeBSD, which has BIND 8 installed as part of the operating system.
Installation from ports tree only installs binaries and documents. So you should perform all configurations manually.
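To show what the delegation-only rule does to a wildcard answer, here is a simplified model of the check, added as an example and not taken from BIND or from the original post. It assumes the resolver knows which zone's servers sent each reply, it handles only explicit delegations (NS records in the authority section), and all names, addresses and sample replies are constructed.

```python
# Simplified model of the delegation-only check (added example, not BIND source).
# In named.conf the feature is enabled per zone:  zone "com" { type delegation-only; };
from collections import namedtuple

DELEGATION_ONLY = {"com", "net"}    # the zones the post marks delegation-only

# Constructed, minimal view of a DNS reply. from_zone is the zone whose servers
# sent it; answer and authority hold (owner, rtype, rdata) tuples.
Response = namedtuple("Response", "from_zone qname rcode answer authority")


def norm(name):
    """Lower-case a domain name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def has_delegation(resp, zone):
    """True if the authority section holds NS records for a child of zone."""
    return any(rtype == "NS" and norm(owner).endswith("." + zone)
               for owner, rtype, _ in resp.authority)


def filter_response(resp):
    """Return the rcode a resolver applying the delegation-only rule would use."""
    zone = norm(resp.from_zone)
    if zone not in DELEGATION_ONLY or norm(resp.qname) == zone:
        return resp.rcode           # other zones and the zone apex are untouched
    if resp.rcode == "NOERROR" and not has_delegation(resp, zone):
        return "NXDOMAIN"           # answered by the TLD itself: wildcard data
    return resp.rcode


# Constructed sample replies (192.0.2.0/24 is a documentation address range).
WILDCARD = Response("com", "no-such-name-example.com", "NOERROR",
                    [("no-such-name-example.com", "A", "192.0.2.1")],
                    [("com", "NS", "a.tld-servers.example")])
REFERRAL = Response("com", "www.example.com", "NOERROR", [],
                    [("example.com", "NS", "ns1.example.com")])
APEX = Response("net", "net.", "NOERROR", [("net", "SOA", "constructed")], [])
CHILD = Response("example.com", "www.example.com", "NOERROR",
                 [("www.example.com", "A", "192.0.2.80")], [])

if __name__ == "__main__":
    for label, r in [("wildcard", WILDCARD), ("referral", REFERRAL),
                     ("apex", APEX), ("child zone", CHILD)]:
        print(f"{label:10} {r.qname:26} -> {filter_response(r)}")
```

The wildcard reply carries NS records only for `com` itself, so it is not a delegation and is rewritten to NXDOMAIN, while the referral to `example.com` and the answer from the child zone's own servers pass through unchanged.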
