To:
dns op wg <dnsop@cafax.se>
From:
Måns Nilsson <mansaxel@sunet.se>
Date:
Wed, 23 Oct 2002 10:42:54 +0200
Content-Disposition:
inline
In-Reply-To:
<E184471-0003F3-00@rip.psg.com>
Sender:
owner-dnsop@cafax.se
Subject:
Re: anycast
--On Tuesday, October 22, 2002 11:50:43 -0700 Randy Bush <randy@psg.com> wrote: > smb made what seems like a good suggestion for how to prudently > deploy anycast root and gtld servers prior to dnssec deployment. > > an isp runs one or more anycast slaves for root and/or gtld servers > within their autonomous system and filters out other announcements > of that address at their border. just plain don't let it into your > igp. think of it as a degenerate case of the massey nanog paper. > > the question then becomes how to acquire an authentic copy of the > root and gtld zone files on a regular basis. this may be as much > of a layer nine pain as a layer four one. Root zone is simple: -rw-r--r-- 1 9998 213 14348 Oct 22 21:12 root.zone.gz -rw-r--r-- 1 9998 213 75 Oct 22 21:38 root.zone.gz.md5 -rw-r--r-- 1 9998 213 72 Oct 22 21:38 root.zone.gz.sig are available for ftp. The signature would be easily verified, had the key been easy to find. I had to look for some time to find it... Layer nine is always unpredictable; though. -- Måns Nilsson Systems Specialist +46 70 681 7204 KTHNOC MN1334-RIPE We're sysadmins. To us, data is a protocol-overhead. #---------------------------------------------------------------------- # To unsubscripbe, send a message to <dnsop-request@cafax.se>.