Re: well-known Anycast prefixes

[Bryan Holloway <bryan () shout net>]

On 3/21/19 11:52 AM, Ross Tajvar wrote:
> Not all any-casted prefixes are DNS resolvers and not all DNS resolvers 
> are anycasted. It sounds like you would be better served by a list of 
> well-known DNS resolvers.

True on both counts, and that's why I said "help".


> On Thu, Mar 21, 2019 at 12:35 PM Bryan Holloway <bryan () shout net 
> <mailto:bryan () shout net>> wrote:
>
>
>     On 3/21/19 10:59 AM, Frank Habicht wrote:
>      > Hi James,
>      >
>      > On 20/03/2019 21:05, James Shank wrote:
>      >> I'm not clear on the use cases, though.  What are the imagined
>     use cases?
>      >>
>      >> It might make sense to solve 'a method to request hot potato
>     routing'
>      >> as a separate problem.  (Along the lines of Damian's point.)
>      >
>      > my personal reason/motivation is this:
>      > Years ago I noticed that my traffic to the "I" DNS root server was
>      > traversing 4 continents. That's from Tanzania, East Africa.
>      > Not having a local instance (back then), we naturally sent the
>     traffic
>      > to an upstream. That upstream happens to be in that club of those who
>      > don't have transit providers (which probably doesn't really
>     matter, but
>      > means a "global" network).
>
>     /snip
>
>      > Greetings,
>      > Frank
>      >
>
>     I can think of another ...
>
>     We rate-limit DNS from unknown quantities for reasons that should be
>     obvious. We white-list traffic from known trusted (anycast) ones to
>     prevent a DDoS attack from throttling legitimate queries. This would be
>     a useful way to help auto-generate those ACLs.