On Tue, 15 Jun 2004, Gert Doering wrote:
> One comment asked for "do we really need yet another special rule here", and my reply would be "the current PA and PI policy doesn't permit doing this without lying to the NCC", *and* DNS is really special here due to protocol constraints.
If you qualify for at least /24 of v4 address space, there shouldn't be a problem with current v4 policy? If you can't qualify for that amount of addresses, do we care about anycasting that kind of server? Remember, nothing prevents anycasting with your existing allocated blocks. Hence, the policy for allocating these special PI/PA prefixes should be at least as strict as the policy for getting PI/PA prefixes in the first place... to avoid getting around policies.
------------ snip ------------
"Operators providing DNS for a zone served by a number of name servers such that the total response size when including the list of nameservers for the zone is close to the UDP packet size limit may be assigned dedicated network prefixes for the sole purpose of anycasting name servers, as described in RFC 3258. These shall be: a /24 IPv4 prefix and/or a /32 IPv6 prefix per anycast server set, which will usually only be one per operator. The prefixes shall be tagged as 'ASSIGNED ANYCAST' in the RIPE database and should be returned to the RIPE NCC if not in use for anycast DNS any longer."
------------ snip ------------
I object to this as a whole, but even if we agreed that this is desirable in general, I have two strong objections:

(1) there is little reason for allocating a /32 IPv6 prefix except for getting around the IPv6 policy. Why not use the "critical infrastructure" /48's for this, so we can easily filter out this junk in our BGP :) Proposal: change /32 to /48.

(2) this proposal takes no stance on who can request a block of addresses like this for his DNS servers. People could add up servers and addresses for them just for the purposes of getting nice PI prefix(es) for their DNS servers. Wouldn't it be nice, never having to renumber your DNS server addresses in different registries etc. This is short-sighted. We should restrict this approach to a specific class of DNS servers, like ccTLDs or the like -- if that's the class of DNS servers where we'd intend to do something like this.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
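The quoted policy text hinges on a zone's NS response getting "close to the UDP packet size limit". The following script is an added example, not part of the thread or of any RIPE document: it hand-encodes a reply to "&lt;zone&gt; IN NS?" in DNS wire format with RFC 1035 name compression and counts how many name servers fit under the classic 512-byte DNS-over-UDP limit (RFC 1035, no EDNS0). The zone names, the ns1..nsN host names and the 192.0.2.x addresses are constructed sample values, and glue is added for every server (real servers add it only for in-bailiwick names).

```python
"""Wire-size estimate for a DNS NS-set response (added example, not from the thread).

Encodes a reply to "<zone> IN NS?" by hand, with RFC 1035 name compression,
and reports how close a long list of name servers brings it to the classic
512-byte DNS-over-UDP limit (RFC 1035; no EDNS0 assumed).  Zone name, host
names and 192.0.2.x addresses below are constructed sample values.
"""
import struct

UDP_LIMIT = 512  # RFC 1035 UDP payload limit without EDNS0


def encode_name(name, compress, offset):
    """Encode `name` (dotted, absolute) in wire format with compression.

    `compress` maps a label-suffix tuple to the offset where it first appeared;
    `offset` is the message offset at which this name starts.  Returns bytes.
    """
    labels = [lab for lab in name.rstrip(".").lower().split(".") if lab]
    out = b""
    for i in range(len(labels)):
        suffix = tuple(labels[i:])
        if suffix in compress:
            # Pointer: top two bits set, 14-bit offset of the earlier copy
            return out + struct.pack("!H", 0xC000 | compress[suffix])
        compress[suffix] = offset + len(out)
        label = labels[i].encode("ascii")
        out += bytes([len(label)]) + label
    return out + b"\x00"  # root label terminates an uncompressed name


def build_ns_response(zone, nameservers, ttl=172800):
    """Build the response message: question, NS RRset, and an A glue record
    for every server (simplification: real servers add glue only for
    in-bailiwick names).  `nameservers` is a list of (hostname, ipv4)."""
    compress = {}
    # ID, flags (QR=1, AA=1), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    msg = bytearray(struct.pack("!HHHHHH", 0x1234, 0x8400, 1,
                                len(nameservers), 0, len(nameservers)))
    msg += encode_name(zone, compress, len(msg))
    msg += struct.pack("!HH", 2, 1)            # QTYPE=NS, QCLASS=IN
    for host, _ in nameservers:                # answer section: NS RRs
        msg += encode_name(zone, compress, len(msg))
        msg += struct.pack("!HHI", 2, 1, ttl)  # TYPE=NS, CLASS=IN, TTL
        rdlen_pos = len(msg)
        msg += b"\x00\x00"                     # RDLENGTH placeholder
        rdata = encode_name(host, compress, len(msg))
        msg += rdata
        struct.pack_into("!H", msg, rdlen_pos, len(rdata))
    for host, ip in nameservers:               # additional section: A glue
        msg += encode_name(host, compress, len(msg))
        msg += struct.pack("!HHIH", 1, 1, ttl, 4)  # TYPE=A, CLASS=IN, TTL, RDLENGTH
        msg += bytes(int(octet) for octet in ip.split("."))
    return bytes(msg)


def servers_within_limit(zone, limit=UDP_LIMIT, max_try=64):
    """Largest n such that the NS response for ns1..nsn.<zone> (with glue)
    still fits in `limit` bytes; returns (n, size_in_bytes)."""
    best = (0, 0)
    for n in range(1, max_try + 1):
        servers = [(f"ns{i}.{zone}", f"192.0.2.{i}") for i in range(1, n + 1)]
        size = len(build_ns_response(zone, servers))
        if size > limit:
            break
        best = (n, size)
    return best


if __name__ == "__main__":
    for zone in ("example.", "some-longer-zone-name.example."):
        n, size = servers_within_limit(zone)
        print(f"{zone}: {n} name servers fit in {size} of {UDP_LIMIT} bytes")
```

Even with maximal compression and three-character host labels, each additional server costs roughly 34 bytes (an NS RR plus its glue), so a zone with a dozen or so servers is already near the limit; longer zone or host names get there sooner. That is the protocol constraint the policy text refers to, and it is why an operator who wants more serving locations without adding NS records turns to anycast.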