Akadns and things that annoy me
What do you love about akadns? <silence hovers the sky> akamai’s dynamic global geo-content location system seems a great idea until you have to work with it in practice.
Fast Flux DNS is great to avoid DDOSers and the likes, but it’s a b*st*rd to ‘lock-on’ to for legit traffic
It seems that it fails in two ways:-
1) Firewalls which only support IP ACLs can’t cope with the dynamic nature of the IP hopping employed by the Geo-CDNs.
2) Firewalls which support DNS ACLs cache the result (often incorrectly and for too long) which ends up with a majority of failed connection attempts.
An epic fail on both counts
Interesting though – did anyone else notice that the akadns serial number is always that of UNIX time? (e.g. seconds since epoch of 1/1/1970), as such in their schema it is always the most up-to-date version available
Solution?: 0-second TTL for the alias A/CNAME/MX record?