Disperse located servers powered by anycast bgp will be much more resilient to attacks and local node can take the direct hit. Other anycast based locations will function as usual, unless the attack brings down the box and /24 route is withdrawn.... More and more Internet based services take advantages of lower TTL (many ISPs ignore it but still...) and if both dns servers for the particular domain are attacked with UDP flood and there is no cache record on your ISP's recursive DNS server - the service will be down. In anycast situation, a fraction of the clients will be affected... I still think /24 block anycast PI policy should be more open towards other business entities, not only for ccTLD's. Actually not that many ccTLDs use BGP anycast anyway.... I wish our company had monopoly for some Internet services or even monopoly for ccTLD registration - we would not care and spend $$ for set-up and additional monthly expenses by running anycast based DNS service either. ;) Unfortunately, we need to compete in business.... Sincerely, Greg At 17:04 2007.08.08.รท, David Conrad wrote:
Hi,
On Aug 8, 2007, at 12:38 PM, Greg L. wrote:
I would say IPv4 anycast /24 PI must be allocated for anycasting DNS service only. You simply can't add more nameservers if you hit the max limit...
The term "overkill" comes to mind. How many name servers does one actually need (anycast or not), particularly given the concept of caching?
The rules for IPv6 anycast allocations must be not that strict in the future... why? The address space will be more than enough, the router HW will be more powerful to handle large routing tables ...
While router hardware will undoubtedly be more powerful, the question of whether or not BGP will be able to converge with everybody and their great aunt having PI space is still open. Then there is the question of whether or not people will be happy with the O(10) ISPs capable of affording the hardware/power/cooling of the future DFZ routers (have you priced top-end routers recently?).
This proposal seems a bit on the extreme side to me.
Rgds, -drc