On 3/21/19 11:52 AM, Ross Tajvar wrote:
> Not all any-casted prefixes are DNS resolvers and not all DNS resolvers
> are anycasted. It sounds like you would be better served by a list of
> well-known DNS resolvers.
True on both counts, and that's why I said "help".
On Thu, Mar 21, 2019 at 12:35 PM Bryan Holloway <br...@shout.net> wrote:
On 3/21/19 10:59 AM, Frank Habicht wrote:
> Hi James,
>
> On 20/03/2019 21:05, James Shank wrote:
>> I'm not clear on the use cases, though. What are the imagined use cases?
>>
>> It might make sense to solve 'a method to request hot potato routing'
>> as a separate problem. (Along the lines of Damian's point.)
>
> my personal reason/motivation is this:
> Years ago I noticed that my traffic to the "I" DNS root server was
> traversing 4 continents. That's from Tanzania, East Africa.
> Not having a local instance (back then), we naturally sent the traffic
> to an upstream. That upstream happens to be in that club of those who
> don't have transit providers (which probably doesn't really matter, but
> means a "global" network).
/snip
> Greetings,
> Frank
>
I can think of another ...
We rate-limit DNS from unknown quantities for reasons that should be
obvious. We white-list traffic from known trusted (anycast) ones to
prevent a DDoS attack from throttling legitimate queries. This would be
a useful way to help auto-generate those ACLs.