DNSOP mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: dnsop@cafax.se
cc: dns@ip.tele.dk
From: Måns Nilsson <mansaxel@sunet.se>
Date: Mon, 04 Nov 2002 20:44:35 +0100
Content-Disposition: inline
In-Reply-To: <7588BEEC-F00C-11D6-868E-0003934B2128@cisco.com>
Sender: owner-dnsop@cafax.se
Subject: Re: DoS and anycast

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --On Monday, November 04, 2002 16:45:35 +0100 Patrik Fältström
<paf@cisco.com> wrote:

> My view is that this _is_ ok, if both copies of 1.2.3.4 is handled by the
> same organization, so when A, or B calls the organization, they can check
> both servers and see they are in sync.

I think this is a wise precaution. Anycast holds a lot of promise, but as 
always with the latest and greatest, there is risk.  Mitigating this risk 
by keeping the controls quite tight is good.  Having said this,  I notice 
that most of the Internet around me seems to be served by a "rogue" AS112 
machine[0],  not listed on the as112.net home page, and not set up to the 
usual AS112 standards, so this control is probably impossible to enforce. 
I however still think that we ought to try to get as many anycast servers 
for the crucial zones (esp. root) as possible to comply with some kind of 
cooperative control scheme.   Seek them out and have them join the flock.

- -- 
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.

[0]	
$ traceroute blackhole-1.iana.org.
traceroute to blackhole-1.iana.org (192.175.48.6), 64 hops max, 40 byte
packets
 1  KTHNOC-1-GE6-0.sunet.se (192.36.125.1)  8.780 ms  2.465 ms  2.438 ms
 2  stockholm1-SRP4.sunet.se (130.242.94.8)  2.688 ms  2.644 ms  2.598 ms
 3  s-gw.nordu.net (193.10.252.181)  2.749 ms  3.989 ms  2.883 ms
 4  dk-gw2.nordu.net (193.10.68.38)  11.100 ms  10.912 ms  15.517 ms
 5  sl-gw10-cop-9-0.sprintlink.net (80.77.65.25)  24.712 ms  24.357 ms
16.482 ms
 6  sle-teledanm-1-0.sprintlink.net (80.77.65.30)  13.202 ms  11.21 ms
11.579 ms
 7  so-1-2-3.622M.albnxu1.ip.tele.dk (195.249.7.66)  13.539 ms  28.26 ms
11.936 ms
 8  so-0-0-0.2488M.arcnxu1.ip.tele.dk (195.249.7.237)  15.998 ms  17.719 ms
21.30 ms
 9  pos8-0.2488M.arcnxg1.ip.tele.dk (195.249.7.117)  14.765 ms  14.304 ms
14.780 ms
10  blackhole-1.iana.org (192.175.48.6)  19.989 ms  28.793 ms  23.670 ms
$ 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)

iD8DBQE9xs4t02/pMZDM1cURAjXzAJwP7s+GIxYBey4gGXeWb3gzFCxWVgCfflN/
bitXv6ZEmObEX/1tx3X4B9U=
=V5RA
-----END PGP SIGNATURE-----

#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.

References:
- Re: DoS and anycast
  - From: Patrik Fältström <paf@cisco.com>

Prev by Date: Re: DoS and anycast
Next by Date: Re: DoS and anycast
Prev by thread: Re: DoS and anycast
Next by thread: Re: DoS and anycast
Index(es):
- Date
- Thread

Home | Date list | Subject list