well-known Anycast prefixes
Bryan Holloway
bryan at shout.net
Thu Mar 21 17:39:01 UTC 2019
On 3/21/19 11:52 AM, Ross Tajvar wrote:
> Not all any-casted prefixes are DNS resolvers and not all DNS resolvers
> are anycasted. It sounds like you would be better served by a list of
> well-known DNS resolvers.
True on both counts, and that's why I said "help".
> On Thu, Mar 21, 2019 at 12:35 PM Bryan Holloway <bryan at shout.net
> <mailto:bryan at shout.net>> wrote:
>
>
> On 3/21/19 10:59 AM, Frank Habicht wrote:
> > Hi James,
> >
> > On 20/03/2019 21:05, James Shank wrote:
> >> I'm not clear on the use cases, though. What are the imagined
> use cases?
> >>
> >> It might make sense to solve 'a method to request hot potato
> routing'
> >> as a separate problem. (Along the lines of Damian's point.)
> >
> > my personal reason/motivation is this:
> > Years ago I noticed that my traffic to the "I" DNS root server was
> > traversing 4 continents. That's from Tanzania, East Africa.
> > Not having a local instance (back then), we naturally sent the
> traffic
> > to an upstream. That upstream happens to be in that club of those who
> > don't have transit providers (which probably doesn't really
> matter, but
> > means a "global" network).
>
> /snip
>
> > Greetings,
> > Frank
> >
>
> I can think of another ...
>
> We rate-limit DNS from unknown quantities for reasons that should be
> obvious. We white-list traffic from known trusted (anycast) ones to
> prevent a DDoS attack from throttling legitimate queries. This would be
> a useful way to help auto-generate those ACLs.
>
More information about the NANOG
mailing list