
Some time ago, RFC 6106 was created, which states how a router tells the clients about the DNS server to be used. It is a new standard; it has to be implemented, which takes time, etc.

I'm curious about the need for it: wouldn't it have been better to define a "globally valid" anycast address for DNS? Queries would be sent to this address and would be promoted along the default route until there is a host which claims to be responsible for it.

In an enterprise network, that would be a central DNS server (or even more than one, in really big companies); in a SOHO network, it would be either the router or the DNS server of the ISP; in a root server hosting data center, it would be the DNS of the hoster, etc.

What do I see wrong here? Do I have a wrong view of the anycast concept?

glglgl

1 Answer


"Anycast" is normally taken to mean the advertising of a common address from multiple locations via a routing protocol.

Hence on the global internet, that implies multiple BGP4 announcements of a single IPv4 /24. I need to check what (if any) subnet size would be used for IPv6 - it's most likely a /32.

For smaller networks (i.e. within one Autonomous System) it would mean advertising a single address via an Interior Gateway Protocol such as OSPF, or IS-IS, or similar.

You've actually kind of demonstrated one reason why it might not be considered a good idea. Since the "anycast" address wouldn't be in the same subnet all traffic to it would have to pass to the default gateway. If your DNS server is actually on the same physical subnet this means all your DNS traffic goes over the network twice, and makes the default gateway a single point of failure.

FWIW, most SOHO CPE don't currently know how to do routing protocols or DNS properly, and IMHO (i.e. see my RFC 5625) it would be a bad mistake for a SOHO CPE to attempt to intercept all DNS traffic to a pre-specified (hard-coded) address and handle it themselves.

FWIW, I think that there's some mileage in the use of Anycast for finding the recursive DNS services within a network (and it's not a new idea by any means), but that shouldn't replace the use of IPv6 RAs or DHCPv6 to allow use of specified Unicast addresses.

Alnitak
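The RA-based mechanism the question cites (the RDNSS option from RFC 6106) and that the answer prefers over a hard-coded anycast address, shown as an added example that is not part of the original question or answer: it builds a minimal ICMPv6 Router Advertisement carrying an RDNSS option and parses it back, skipping the malformed option lengths the RFC says a receiver must ignore. The addresses 2001:db8::53 and 2001:db8::54, the lifetimes, and the helper names are constructed for illustration; the ICMPv6 checksum is left at zero because nothing is actually sent.

```python
"""Build and parse the RDNSS option (RFC 6106, ND option type 25) carried in an
ICMPv6 Router Advertisement. Constructed example for this thread, not code
from the original question or answer."""
import ipaddress
import struct

ND_OPT_RDNSS = 25  # RFC 6106 section 5.1
ND_OPT_DNSSL = 31  # RFC 6106 section 5.2 (walked past, not decoded here)


def build_ra_header(hop_limit=64, flags=0, router_lifetime=1800):
    """16-byte ICMPv6 RA header: type 134, code 0, checksum 0 (left for the
    sender's kernel), cur hop limit, flags, router lifetime, reachable time,
    retrans timer. Constructed values, not captured from a real router."""
    return struct.pack("!BBHBBHII", 134, 0, 0, hop_limit, flags,
                       router_lifetime, 0, 0)


def build_rdnss_option(addresses, lifetime):
    """Encode one RDNSS option. Length is in units of 8 octets: an 8-byte
    option header plus 16 bytes per IPv6 address, so it is always odd."""
    addrs = [ipaddress.IPv6Address(a) for a in addresses]
    if not addrs:
        raise ValueError("RDNSS needs at least one address")
    length = 1 + 2 * len(addrs)
    header = struct.pack("!BBHI", ND_OPT_RDNSS, length, 0, lifetime)
    return header + b"".join(a.packed for a in addrs)


def parse_ra_options(data):
    """Yield (type, option_bytes) for each ND option after the RA header.
    Stops instead of crashing on a zero-length or truncated option, which
    RFC 4861 tells receivers to reject."""
    off = 16
    while off + 2 <= len(data):
        otype, olen = data[off], data[off + 1]
        if olen == 0:
            break
        end = off + olen * 8
        if end > len(data):
            break
        yield otype, data[off:end]
        off = end


def extract_rdnss(ra):
    """Return [(address, lifetime), ...] from every well-formed RDNSS option.
    Lifetime 0 means 'stop using these servers'; 0xffffffff means infinity."""
    servers = []
    for otype, opt in parse_ra_options(ra):
        if otype != ND_OPT_RDNSS:
            continue
        olen = opt[1]
        # RFC 6106 section 5.3.1: length must be at least 3 and odd.
        if olen < 3 or olen % 2 == 0:
            continue
        lifetime = struct.unpack("!I", opt[4:8])[0]
        for i in range(8, len(opt), 16):
            addr = ipaddress.IPv6Address(opt[i:i + 16])
            servers.append((str(addr), lifetime))
    return servers


if __name__ == "__main__":
    ra = build_ra_header() + build_rdnss_option(
        ["2001:db8::53", "2001:db8::54"], 3600)
    print(extract_rdnss(ra))
```

A host that honours the lifetime will drop a server whose RDNSS lifetime is 0, which is how a router withdraws a resolver; the unicast addresses learnt this way stay on-link or routed like any other, so the default gateway does not become the path for every query, which is the answer's objection to an off-subnet anycast address.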