anycast dns

Anycast DNS

WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS

Outline

Current Anycast routing Anycast implemented Problems resolved Future


Definitions

DNS Authoritative Recursive/Caching


Current DNS

IP Address Management: Maintain DNS: ISC BIND


Current DNS – Layer 1


Current DNS Layer 7


DNS Problems 1

Load Redundancy Configuration


DNS Problems 2

Constituency Caching Monitoring Complexity Non-standard Domains


DNS Requirements

Availability Redundancy Complexity Integration


“New” DNS Design*

+Linux +ISC Bind+Cfengine+Anycast Routing


Why Linux?

Cost Hardware


Routing - Unicast

Single machine to single machine

Web browsing


Routing - Broadcast

Single machine to all

ARP lookup


Routing - Multicast

Single machine to some (not all)

Save resources IP TV


Routing - Anycast

Single machine to one of some

DNS/RADIUS/NTP

Single machine to one of some

DNS/RADIUS/NTP


Anycast – Is it new?

95% of the root name servers Corporations (eg: easydns.com) Google


Anycast - Implemented 1

RHEL host runs Quagga (open source router)

Hosts have a /30 uplink to a constituency router


Anycast - Implemented 2

The router config for cr-adns-mc-1

router ospf ospf router-id 129.97.2.54 passive-interface sit0 network 129.97.2.1/32 area 0.0.0.1 network 129.97.2.2/32 area 0.0.0.1 network 129.97.2.52/30 area 0.0.0.1 network 172.16.3.0/32 area 0.0.0.1


Anycast - Implemented 3Routing entry for 129.97.2.1/32

Known via "ospf 10", distance 110, metric 11, type intra area

Last update from 129.97.2.54 on Vlan505, 1d05h ago

Routing Descriptor Blocks:

129.97.2.74, from 129.97.2.74, 1d05h ago, via Vlan500

Route metric is 11, traffic share count is 1

* 129.97.2.66, from 129.97.2.66, 1d05h ago, via Vlan502


129.97.2.62, from 129.97.2.62, 1d05h ago, via Vlan503



Anycast Cluster – Layer 1


Failure - Single Node

Hardware Failure

Network failure Routine

Maintenance


Failure - Single Node


Failure – MC Machine Room


Failure – All MC


Failure Timings

Expected Worst case: 65s Technical Worst case: 105s Mitigate with unicast secondary


Load - Authoritative


Load - Caching


Problems Addressed – Total Load

Current Total 9/5k Anycast Total 100/30K Load ~ 2k/sec Auth = 2/3


Problems Addressed – Redundancy

Anycast DNS provides non instant automated fail-over


Problems Addressed – Configuration

Single config for all Anycast servers


Problem Addressed - Constituency Caching

Can only recommend


Problems Addressed - Monitoring


Problem Addressed - Complexity

Still complex layout Automated


But what about the dots?

Stern warning


Time lineDate Item

DoneJan 2010

Mar 2010Mar 2010 All: change DNS option DHCP machineJun 2010 All: change DNS hard-coded servers Sep 2010

Wireless (Campus + Resnet)Campus: AdminResnet: Using new DNS

Shutdown of 129.97.128.100


Try it

$ dig +short @129.97.2.1 HOSTNAME.BIND CH TXT

"cr-adns-ech-1">nslookup -type=TXT -class=CHAOS HOSTNAME.BIND 129.97.2.1

Server: cn-ns1.uwaterloo.caAddress: 129.97.2.1HOSTNAME.BIND text = "cr-adns-ech-1"


Future

NS1 Slave diversity Second Cluster MS DNS / DDNS DHCP


Questions?

[email protected]

anycast dns

Documents

redundancyanycast dns

isc bindcurrent dns

isc bind cachingmath

somednsradiusntpsingle

bind text

traffic share count

dns hardcoded serverssep

dns option dhcp machinejun