To: Randy Bush <randy@psg.com>
Cc: Bruce Campbell <bruce.campbell@ripe.net>, dnsop@cafax.se
From: Patrik Fältström <paf@cisco.com>
Date: Mon, 4 Nov 2002 16:04:56 +0100
In-Reply-To: <E188ian-000Aft-00@rip.psg.com>
Sender: owner-dnsop@cafax.se
Subject: Re: DoS and anycast

On Monday, Nov 4, 2002, at 15:52 Europe/Stockholm, Randy Bush wrote:
> to be specific, i see no reason that the root cache ip address for
> server X should not be anycast internally within multiple isps as
> long as
> o the isps' anycast servers serve consistent data
Ack
> o the scope of the anycast routing announcement is bounded
Ack
> o if X is controlled by some entity, e.g. the iana, that the
> entity coordinates the mechanism(s) of zone distribution and
> authentication, and maybe even has means of testing content
I don't know if we say the same thing. Let me try to explain what I
think:
If organization X is responsible for IP address Y today, i.e. X:Y is in
the whois database, then X is also the organization people will call
when wrong data comes from address Y, regardless of what copy of Y the
wrong data comes from.
Because of this, for every Y, there must be an X which knows where all
copies of Y are, so they can see/detect which one has wrong data -- and
fix it. The organization X should even have a warning system which
warns them when one of the copies of Y gives wrong data / is out of sync.
paf
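
An added example, not part of the original message or of any operator's tooling: a sketch of the warning system described above, comparing each copy of Y against X's master by SOA serial and by a digest of the zone data. It assumes the monitor can reach every copy individually (not through the shared anycast address) and that X keeps an inventory of its copies; all names, serials and digests are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    name: str         # label for one copy of Y (constructed names below)
    soa_serial: int   # SOA serial that copy returned
    digest: str       # hash the monitor computed over that copy's zone data

def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: True if 32-bit serial a is newer than b."""
    return a != b and (a - b) % 2**32 < 2**31

def audit(master, observations, inventory):
    """Compare every observed copy with X's master; return {copy: reason}."""
    alerts = {}
    seen = {o.name for o in observations}
    for name in sorted(inventory - seen):
        alerts[name] = "no-response"              # known copy that did not answer
    for o in observations:
        if o.name not in inventory:
            alerts[o.name] = "unknown-copy"       # answering, but X has no record of it
        elif serial_gt(master.soa_serial, o.soa_serial):
            alerts[o.name] = "stale-serial"       # out of sync: behind the master
        elif serial_gt(o.soa_serial, master.soa_serial):
            alerts[o.name] = "ahead-of-master"    # serial the master never published
        elif o.digest != master.digest:
            alerts[o.name] = "content-mismatch"   # same serial, wrong data
    return alerts

# Constructed sample data, not taken from any real server.
MASTER = Observation("master", 2002110401, "aa11")
INVENTORY = {"isp-a", "isp-b", "isp-c", "isp-d"}
SAMPLE = [
    Observation("isp-a", 2002110401, "aa11"),   # in sync
    Observation("isp-b", 2002110400, "9f3c"),   # one serial behind
    Observation("isp-c", 2002110401, "beef"),   # right serial, different content
    Observation("isp-x", 2002110401, "aa11"),   # copy missing from the inventory
]

if __name__ == "__main__":
    for name, reason in sorted(audit(MASTER, SAMPLE, INVENTORY).items()):
        print(f"ALERT {name}: {reason}")
```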