nanog mailing list archives
Re: relays.osirusoft.com
From: Paul Vixie <paul () vix com>
Date: Wed, 27 Aug 2003 15:46:00 +0000
Someone has suggested 'anycasting' what do people (particually you Paul) think of using anycasting for a DNSbl? (- AS112 anyone?)
unowned anycast, such as that used in as112, is only possible when the replies have no value (and thus need not be synchronized or centrally authorized.) conversely, unowned anycast only adds value if the replies really ought to be sent anonymously. in the case of sorbs, you can enumerate authorized servers and thus get better management and control than you would with unowned anycast. now, that doesn't mean anycast per se is a bad idea for sorbs. it's just that you'd want to own or at least "manage and control" each instance. this is what we do for f-root and it's what ultradns and nominum and i think akamai have been doing for some years now.
I think it may work well... however I am a novice in terms of BGP... As far as I can tell it involves getting a portable address block (somone suggested anything less than a /24 would get filtered) and announcing it in various locations around the Net with local servers behind each of those announcements.... is this fundamentally correct?
yes. see http://www.isc.org/tn/ for some background materials on all this.
Assuming I am right in my current understanding, I am about to start looking at the proceedure to get an ASN and then I'll be looking for some portable IP space if the consensus and thoughts are this will work. I am thinking along the lines of talking with the other large DNSbls (particually Easynet (wirehub) and DSBL) about setting up a set of combined DNSbl servers all anycast'd. This after all will bring an DDoS machines to the attention of the local networks they are attacking .... ;-)
putting multiple dnsbl's on the same /24 sounds like a lot of eggs for only one basket. among the root server operators, we like to chant that "diversity is good".
Current thread:
- Re: relays.osirusoft.com, (continued)
- Re: relays.osirusoft.com Matthew Sullivan (Aug 26)
- Re: relays.osirusoft.com Michael K. Smith (Aug 26)
- Re: Re[2]: relays.osirusoft.com Paul Vixie (Aug 27)
- Re: Re[2]: relays.osirusoft.com jlewis (Aug 27)
- Re: Re[2]: relays.osirusoft.com Margie (Aug 27)
- Re: relays.osirusoft.com Matthew Sullivan (Aug 27)
- Re: relays.osirusoft.com Iljitsch van Beijnum (Aug 27)
- Re: relays.osirusoft.com Vadim Antonov (Aug 28)
- Re: relays.osirusoft.com Matthew Sullivan (Aug 26)