I wanted to let everyone know about OpenDNS. They provide publicly-accessible DNS servers at the following addresses:
This is a fantastic service, and leads me to a discussion on the topic of Anycast and DNS.
Anycast is one of the types of traffic flows. Remember the other types:
- Unicast: used for peer to peer communication (1 to 1). Use IP classes A, B, and C here.
- Multicast: used for one to many communication (1 to n, where n indicates the multicast subscribers). Multicast addresses are class D, range 224.0.0.0 to 239.255.255.255, or 224.0.0.0/4 in CIDR notation.
- Broadcast: used for one to ALL communication (1 to N, where N indicates all systems within a broadcast domain). This is also known as the all-ones IP address, i.e., 255.255.255.255
Anycast is similar but doesn’t have a specific IPv4 address like Multicast and Broadcast. I would opine that it’s 1 to x, where x is the closest (from a routing perspective) Unicast address.
This will work as long as your application supports it. The DNS is one of those applications because it’s UDP-based, and you simply fire off a query to the nearest DNS server and accept any reply that comes back. In fact, the top-level domain (TLD) servers are anchored in Anycast IP addresses. I suspect that OpenDNS servers are also using Anycast, with back-end replication and zone transfers being performed using the ‘real’ IP addresses of the servers. RFC 3258 outlines how the TLD Anycast service is set up, but basically it works like this:
The IP addresses you want to use for Anycast are advertised in several places within your network. If you have a global network, you might use 10.0.0.0/8 in Europe as well as China and Canada. If you are in China trying to reach this address, the network will route you to the closest 10.0.0.0/8 advertisement point. The nice thing is, if that route is no longer advertised in a particular location, the network will route you to the next closest one. Keep in mind that the DNS service itself is not necessarily tied to the advertisement of this prefix within your network: if the service stops answering while its route is still advertised, queries keep being routed to a dead server. Some additional mechanism will need to be in place to avoid blackholing traffic.
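One form that additional mechanism can take, as an added example that is not from the original post: a health check on each Anycast node that probes the local DNS service and decides when the 10.0.0.0/8 route should be announced or withdrawn. The class name, the rise/fall thresholds and the action strings are assumptions; how the action reaches your routing daemon depends on your deployment.

```python
import socket
import struct

PREFIX = "10.0.0.0/8"  # the Anycast prefix used in the text above

def build_query(txid, name):
    """Minimal DNS query: one question, type A, class IN, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def reply_ok(txid, reply):
    """Healthy means: same transaction ID, QR (response) bit set, RCODE 0."""
    if len(reply) < 12:  # shorter than a DNS header
        return False
    rid, flags = struct.unpack("!HH", reply[:4])
    return rid == txid and bool(flags & 0x8000) and (flags & 0x000F) == 0

def probe(server, name, txid, timeout=1.0):
    """Send one UDP query to the local DNS service; any error is a failure."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(txid, name), (server, 53))
            data, _ = s.recvfrom(4096)
            return reply_ok(txid, data)
    except OSError:  # timeout, ICMP unreachable, no route
        return False

class AnycastGate:
    """Hysteresis so a single lost packet does not flap the route."""
    def __init__(self, rise=3, fall=2):  # assumed thresholds
        self.rise, self.fall = rise, fall
        self.announced = False  # start withdrawn until proven healthy
        self.streak = 0

    def update(self, healthy):
        """Return an action string on a state change, otherwise None."""
        if healthy == self.announced:
            self.streak = 0
            return None
        self.streak += 1
        if self.streak >= (self.rise if healthy else self.fall):
            self.announced, self.streak = healthy, 0
            return ("announce " if healthy else "withdraw ") + PREFIX
        return None
```

In use, a loop calls `probe()` against the node's real (Unicast) service address every few seconds and passes the result to `update()`, acting only when it returns a string.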