DNS pulling BGP routes?

Jean St-Laurent jean at ddostest.me
Thu Oct 7 16:25:06 UTC 2021

Nice document.

In section 2.5 Routing, this is written:

Distributing Authoritative Name Servers via Shared Unicast Addresses...

organizations implementing these practices should
   always provide at least one authoritative server which is not a
   participant in any shared unicast mesh.

Could it be that by having the NS a,b in one mesh and c,d in another was a mistake?

-----Original Message-----
From: NANOG <nanog-bounces+jean=ddostest.me at nanog.org> On Behalf Of Masataka Ohta
Sent: October 7, 2021 11:27 AM
To: Bjørn Mork <bjorn at mork.no>
Cc: nanog at nanog.org
Subject: Re: DNS pulling BGP routes?

Bjørn Mork wrote:

>>>>> This is quite common to tie an underlying service announcement to 
>>>>> BGP announcements in an Anycast or similar environment.
>>>> Yes, that is a commonly seen mistake with anycast.
>>> You don't know what you're talking about.
>> I do but you don't.
> https://datatracker.ietf.org/doc/html/rfc4786#section-4.4.1
> Not a mistake. BCP.

My comment on the rfc is that it is simply wrong.

See also:

    While it would be
    possible to have some process withdraw the route for a specific
    server instance when it is not available, there is considerable
    operational complexity involved in ensuring that this occurs
    reliably.  Given the existing DNS failover methods, the marginal
    improvement in performance will not be sufficient to justify the
    additional complexity for most uses.

which was our consensus at that time in DNSOP. I have no idea why it was forgotten.

						Masataka Ohta

More information about the NANOG mailing list