DNS AND ANYCAST


fyi: managed dns services - edgedirector.com

Information on anycast network routing as it is applied to dns services is sometimes hard to find. It is also quite often misunderstood as somehow being superior to traditional unicast.

One assertion made is that anycast results in superior performance. This assertion is simply not true, as becomes clear once the real behaviour of caching dns servers is understood.

Duane Wessels has done some studies of how dns caches select target servers when there are multiple authoritative servers. The findings are published at DNS-OARC and were presented at NANOG.

The following is a slide from the NANOG presentation:

DNS servers on the other hand track RTTs for query responses and really *know* which server is the fastest rather than guess based on third hand routing information.

                        Iljitsch van Beijnum, 18 Sep 2003
                        BGP: Building Reliable Networks with the Border Gateway Protocol, O’Reilly Media

The original study and presentation can be found in the update note for PowerDNS, which goes on to say:

Recently someone asked if I know the behavior for PowerDNS.
...
It seems to favor the nameservers with the lowest latency, which is not too surprising.

A careful reading of the presentation, and especially the study results, should help the reader understand that, in terms of real-world performance, it is far better to let the individual isp dns servers select the *best* server out of any given set of authoritative servers than to force-feed them an arbitrary choice by means of anycast routing.

As a matter of fact, of all the servers tested, bind shows this behaviour most strongly. It is by no means an obscure behaviour. It is also a design target, because the behaviour becomes more pronounced as release version numbers increase.
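The selection behaviour described above can be sketched as a small simulation. This is an added example, not code from the study, bind or PowerDNS: it is a simplified model of a cache that tracks a smoothed RTT per authoritative server and always queries the lowest one. The server names, RTTs and the constants alpha, decay and jitter are assumptions chosen for illustration.

```python
import random


def simulate(rtts_ms, queries=2000, alpha=0.3, decay=0.98, jitter=0.1, seed=1):
    """Model a caching resolver that always queries the authoritative server
    with the lowest smoothed RTT (SRTT).

    alpha, decay and jitter are assumed illustrative constants, not values
    taken from bind, PowerDNS or the study. Returns (per-server query counts,
    mean response time in ms).
    """
    rng = random.Random(seed)  # fixed seed: the run is reproducible
    # Unknown servers start with a tiny random SRTT so each is tried early.
    srtt = {name: rng.uniform(0.0, 1.0) for name in rtts_ms}
    counts = {name: 0 for name in rtts_ms}
    total_ms = 0.0
    for _ in range(queries):
        chosen = min(srtt, key=srtt.get)
        counts[chosen] += 1
        # Constructed measurement: the true RTT plus or minus some jitter.
        measured = rtts_ms[chosen] * (1.0 + rng.uniform(-jitter, jitter))
        total_ms += measured
        # Exponential smoothing of the RTT for the server just queried.
        srtt[chosen] = (1.0 - alpha) * srtt[chosen] + alpha * measured
        # Age the others so a server that was slow once is re-probed later.
        for name in srtt:
            if name != chosen:
                srtt[name] *= decay
    return counts, total_ms / queries


if __name__ == "__main__":
    # Constructed sample: three authoritative servers as seen from one cache.
    servers = {"ns1": 20.0, "ns2": 80.0, "ns3": 150.0}
    counts, mean_ms = simulate(servers)
    for name, n in counts.items():
        print(f"{name}: rtt={servers[name]:.0f} ms  queries={n}")
    print(f"mean response time: {mean_ms:.1f} ms")
```

In this model the slower servers are still probed occasionally, so the cache notices if the ranking changes, while the bulk of the queries go to the server with the lowest measured RTT.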

references

Duane Wessels

DNS Operations, Analysis, and Research Center (DNS-OARC)
members include ICANN, ARIN, AFRINIC, APNIC, LACNIC, RIPE, isc, ultradns, afilias, nlnetlabs, verisign, nominet, microsoft, secure64, and a number of network carriers.

North American Network Operators Group (NANOG)

paper (pdf)
presentation (pdf)

DNS-OARC MEMBERSHIP 2010

  • ISC
  • Afilias
  • Google
  • ICANN
  • Nominet
  • RIPE NCC
  • VeriSign
  • AFNIC
  • Cisco
  • Comcast
  • DENIC
  • McAfee
  • Microsoft
  • UltraDNS
  • .SE
  • CIRA
  • CNNIC
  • Community DNS
  • CZ.NIC
  • Damballa
  • Detica
  • DK Hostmaster
  • eNom
  • Georgia Tech
  • IEDR
  • Internet Identity
  • JPRS
  • Mark Monitor
  • NASK
  • NIC-Mexico
  • NLnet Labs
  • Norid
  • NZRS
  • Public Interest Registry
  • Registro.BR
  • Secure64
  • SIDN
  • tcinet.ru
  • Afraid.org
  • APNIC
  • ARIN
  • Autonomica
  • BFK
  • CAIDA
  • Carnegie-Mellon CERT
  • ChangeIP.com
  • Cogent
  • EP.net
  • ITESM CEM
  • KISA/KRNIC
  • LACNIC
  • NASA Ames
  • NIC Chile
  • NTT
  • OTTIX
  • PowerDNS
  • Team Cymru
  • University of Maryland
  • WIDE