

To: bill <bmanning@karoshi.com>
CC: Alain Durand <Alain.Durand@Sun.COM>, itojun@iijlab.net, dnsop@cafax.se
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Thu, 13 Nov 2003 07:00:51 +0900
In-Reply-To: <200311121947.hACJlQs02572@karoshi.com>
Sender: owner-dnsop@cafax.se
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
Subject: Re: well-known addresses / was DNS discovery

bill;

>>>	If you are willing to commit your enterprise to absorb 0.1%
>>>	of the total packets generated by 200,000,000 devices, then 
>>>	perhaps I will be persuaded that use of well-known addresses
>>>	is an operationally acceptable technique.
>>
>>200,000 devices are not for usual enterprises (or universities)
>>but for ISPs of medium scale.
> 
> 
> 	missed an order of magnitude there.

Because you said 0.1%.

>	presuming a vendor
> 	picks the "well-known" address that your enterprise uses
> 	and burns it into eproms (e.g. the recent netgear episode)
> 	and ships them -worldwide- then all those devices will
> 	try and use your service - since it has your well known
> 	address hard coded.

That is a problem caused primarily by stupidity of a vendor but
partly by not having a standard (anycast) address of the NTP server.
If configuration is necessary, vendors tend to put some value
at factory.

If the SNTP RFC had listed some well-known anycast address (including
a meaningless one such as 127.0.0.1) and had stated it should
be the well-known default, it would have been fine.

>>If there are other cases, let me know so that I can try to use
>>anycast approach for the problems.

Thank you and Jim for another case.

>>I think I have shown a solution on the problem on root server
>>addresses with anycast addresses and AS numbers.

> 	and there are significant long-term problems with that 
> 	approach, such as content coherence and route hijacking.

Anycast root allows a local administrator to control a local root
server.

So, content coherence is a local issue. You, as a subscriber trying
to run your own server, can ask your ISP or anyone you want where
a newest copy is. As an ISP, ask NIC or anyone you want.

Route hijacking is a problem of a unicast root server and anycast
is the solution. How can you hijack a route confined in an ISP?

						Masataka Ohta

