Re: anycast

[David Conrad <david.conrad@nominum.com>]

A correction.

I mis-remembered the comment (posted to NANOG) from Sean Donelan I
referenced.  Specifically, Sean said:

> DNS clients "need" to communicate with root servers infrequently.
> CAIDA (http://www.caida.org/projects/dns-analysis/) data measurements
> show an average (50th-percentile) DNS client contacts the root name
> servers less than 8 times in a week.

8 times a week is a bit different than once every eight days, ne?  Apologies
for any confusion.  However, I still stand behind the underlying concept --
the way DNS works makes this sort of optimization superfluous.

Addressing the rest of Pekka's most recent note:

> I believe the discussion was also about those servers possibly having
> ccTLD and gTLD data.

I'm not aware of the discussion -- all I saw was Randy Bush posting a bad
idea, purportedly coming from Steve Bellovin.  Sounds like further
machinations by the "DNS Cabal"(tm) (:-) if it is necessary).

> Imagine a situation where you could get every xxx.yyy name without going
> outside of your AS?

All things being equal, I'd agree that this sort of decentralization is
good.  Unfortunately, all things aren't equal -- there is currently no way
to determine if the root data returned is "corrupted".  When there is a way
(e.g., when the root zone is DNSSEC signed), I'd think it'd be a good idea
to hold off encouraging people from pretending to own address space they
don't have a right to.

Note that this is different than what some of the root servers are currently
doing wrt anycast.  Those root servers are announcing the address space they
have been delegated from their AS.

Rgds,
-drc

#----------------------------------------------------------------------
# To unsubscripbe, send a message to <dnsop-request@cafax.se>.