nanog mailing list archives
Re: [dnsop] DNS Anycast revisited (fwd)
From: Joe Abley <jabley () isc org>
Date: Wed, 4 May 2005 10:19:28 -0400
On 4 May 2005, at 09:52, Edward B. Dreger wrote:
> TF> Date: Wed, 4 May 2005 10:48:56 +0100
> TF> From: Tony Finch
>
> TF> Why would anyone use an anycast address as a client? Wouldn't it be
> TF> simpler to make all client connections from the machine's unicast address?
>
> Maybe, maybe not. Take an anycast DNS provider that AXFR/IXFRs zones from its customers. Notifying them of all anycast addresses and keeping ACLs up-to-date isn't feasible. The obvious answer is to have a couple hosts pull zones from unicasted addresses.

Actually, the obvious answer is to use TSIG instead of address-based ACLs to authenticate zone transfers. But in cases where that's not possible (because the master servers don't want to implement it, and insist on address-based ACLs), there are hacks available. See

http://www.isc.org/pubs/tn/isc-tn-2004-1.html#anchor14

for an example.

Joe
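
The contrast drawn in the message above between address-based ACLs and TSIG, sketched as BIND 9 `named.conf` fragments. This is an added example, not part of the original post or of the ISC tech note it links to; the zone name, key name, file paths, addresses (documentation ranges) and the secret are placeholders.

```conf
# === Customer's master, option A: address-based ACL =====================
# Every source address the provider may transfer from must be listed here
# and kept current, which is the maintenance problem raised in the thread.
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { 192.0.2.10; 192.0.2.11; };    # constructed addresses
};

# === Customer's master, option B: TSIG-keyed transfers ==================
# (replaces option A; the two zone statements are alternatives)
# The transfer is authorized by the HMAC on the request, so the source
# address the secondary happens to use no longer matters.
key "provider-xfer" {                               # hypothetical key name
    algorithm hmac-sha256;
    secret "PLACEHOLDER-REPLACE-WITH-GENERATED-SECRET";  # e.g. from tsig-keygen
};
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { key provider-xfer; };
};

# === Provider's secondary (separate named.conf) =========================
# Same key name, algorithm and secret as on the master; AXFR/IXFR requests
# and SOA refresh queries sent to this master are signed with it.
key "provider-xfer" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-REPLACE-WITH-GENERATED-SECRET";
};
zone "example.com" {
    type slave;
    file "slaves/example.com.zone";
    masters { 198.51.100.53 key provider-xfer; };   # constructed master address
};
```

TSIG verification depends on a timestamp window, so both ends need reasonably synchronized clocks, and the shared secret has to be exchanged out of band and kept out of world-readable configuration files.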