Hello Giovane,

On Wed, Nov 28, 2018 at 12:56 PM Giovane Moura <giovane.mo...@sidn.nl> wrote:
> This is an informational draft that presents recommendations for
> authoritative DNS operators, based on research works we have been
> conducting over the last few years.

Thank you for sharing this! A few suggestions:

> 5. R4 [..]
> - It can withdraw or pre-prepend its route to some or to all of its
> neighbors, shrinking its catchment (the number of clients that BGP
> maps to it), shifting both legitimate and attack traffic to other
> anycast sites. The other sites will hopefully have greater
> capacity and be able to service the queries.

Not necessarily so. First, one can (may?) use BGP communities to limit the route announcement propagation, thus making the distribution between sites more even. Second, Flowspec/DOTS/selective BH/et cetera.

> 6. R5 [..]

Shouldn't we wait before the fate of draft-ietf-dnsop-serve-stale is determined? The outcome of this one may be then heavily influenced.

Anyway, it's not quite clear what this section suggests. Should I set the TTL to 10s? What are the consequences of that? How's that related to my threat model?

> 2: R1 [..]

(yes, out of order)

Well, *one* (and there may be more) of the reasons to maintain authoritative servers with uneven latency distribution may be to have a) some fast servers you can afford to get brought down by a DDoS attack, b) a "lightning rod": a purposefully degraded absorber, mentioned in (5).

> 2: R1 [..]
> But the distribution of queries tend to be skewed towards authoritatives with
> lower

There's a reason for that that you may want to mention, namely, smoothed RTT.

| Töma Gavrichenkov
| gpg: 2deb 97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191
| mailto: xima...@gmail.com
| fb: ximaera
| telegram: xima_era
| skype: xima_era
| tel. no: +7 916 515 49 58