TELEHOUSE America & Internet Software Consortium Develop DNS F-root Server in New York & Los Angeles

Deal Enables ISC to Mirror DNS Root Server in Additional U.S. Locations

Deal Enables ISC to Mirror DNS Root Server in Additional U.S. Locations

Let's hope Telehouse put them on the "good" generator. "N+1" is no fun if
the "+1" can't be routed to the 5th floor when "N" chokes up.

Charles Sprickman <> writes:

[Apologies to Suzanne for pre-empting her discussion about this.]

Each F-root node is carefully designed so that most failures which could stop a nameserver answering queries are reflected in the network, both within the F-root node, and within the F-root's service area. If a nameserver within a node is not available, the node will not send it queries; if all nameservers within a node are not available, the node will stop advertising to its local community of peers, who will stop sending queries to the node.

The potential for global instability in (and corresponding dampening of) due to some oscillatory error condition in a particular node is limited by the fact that each non-Palo Alto node advertises to peers only, and precautions are taken to limit the propagation of that prefix through peer networks. Only the Palo Alto node advertises for global transit.

If a local F-root node withdraws service, resolvers within its catchment area will see the BGP path to the global F-root node in Palo Alto exposed and selected. The change in relative RTTs will then cause resolvers (BIND-like resolvers, anyway) to reorder their ranking of how close the 13 root servers are, and referrals to the root from the catchment of the dead node will tend towards the new closest server, which may or may not be F.

Hence, a failure of a restricted-anycast node restores the usual availability of root servers -- it effectively just removes the local optimisation that the anycast node was providing.