Re: Anycast root metrics and analysis

[hardie@equinix.com]

> On the "anyone can run their own server"  .. with the anycast scheme
> they can't really be stopped, and other than by filters in other providers
> access lists, they can't really be prevented from offering transit either
> should they want to.   

It is somewhat easier to get those filters in place and keep them in
place if a single AS should be the known transit provider.  It would
need to get added to the "bogon" filter lists out there (which have
things like how to deal wtih RFC 1918 addresses and exchange point
addresses in them now), but that's not all that hard.  A well behaved
participant would also have it in their filters for outbound
announcements.

But there's more to the stability of the DNS system
> than just getting the answers back as quickly as possible - the database
> needs to be properly maintained and updated.   What's more the comparative
> stability of the root zone actually makes that harder (it is easy to set up
> and test update procedures for a database that changes every day, much
> harder for one that only changes once a year or so).  More servers spread
> around improves access, but decreases trustworthiness of the data.  The
> two need to be balanced.

This is very true.  Like you, I wonder if "everyone" maintained a copy
of the root how well propogation of updates would occur.  My current
take is that splitting things with a "local copy permitted but single
global announcement" scheme would limit the scope of errors to those
making them, which has some advantages.




> 
> kre
> 
> ps: where I am now I am getting 1.8second RTTs to home (at least 1.2s to
> any root server) and approx 30% packet loss ... I know what benefits there
> are to be obtained from this.
> 
> 
>