pk at ISOC.DE
Tue Feb 25 11:16:46 UTC 2014
> Peter, the isolation of anycast nodes is not an attribute of the DNS protocol, it is strictly a manipulation of the routing system,
> the DNS -design- using the "belt-suspenders"/root-hints file to bootstrap priming queries, is expected to be globally reachable.
I'm not sure I understand your French. Anycast itself is not an "attribute of
the DNS protocol". Priming (== the process of providing the resolver with the
list of names and, more importantly, addresses, of the root name servers) is
no different in this context than any other subsequent query/response exchange.
> From a DNS perspective, they _are_ expected to answer queries from anywhere. When you tweak the routing system to not forward
> packets, that's not DNS. But yes, it's a fine point and very much technical in nature - perhaps not the right fodder for this list.
From a DNS perspective, the expectation is aimed towards the "letter",
not a particular instance. But we're digressing. In a statement upthread
you suggested that a root server (node, instance) deployed somewhere
to serve a local community would either attract or be prepared to
attract and serve DNS traffic from all over the planet. Setting aside the
previous argument re: expectations, it should be clear that in operational
reality and practice as of today, this is not a concern.
That said, I would also like to join others suggesting that the role of the
root name servers and their exact placement is probably overrated in comparison
to other parts of the DNS tree. They serve a small zone with public content
and are probably queried less often than authoritative servers. Availability
and short response times are key, but that's a matter of network topology.
-Peter (whose local resolver currently uses lots of out-of-country root server instances)