On 3/21/19 11:52 AM, Ross Tajvar wrote:
Not all any-casted prefixes are DNS resolvers and not all DNS resolvers are anycasted. It sounds like you would be better served by a list of well-known DNS resolvers.
True on both counts, and that's why I said "help".
On Thu, Mar 21, 2019 at 12:35 PM Bryan Holloway <bryan@shout.net> wrote:
On 3/21/19 10:59 AM, Frank Habicht wrote:
> Hi James,
>
> On 20/03/2019 21:05, James Shank wrote:
>> I'm not clear on the use cases, though. What are the imagined use cases?
>>
>> It might make sense to solve 'a method to request hot potato routing'
>> as a separate problem. (Along the lines of Damian's point.)
>
> my personal reason/motivation is this:
> Years ago I noticed that my traffic to the "I" DNS root server was
> traversing 4 continents. That's from Tanzania, East Africa.
> Not having a local instance (back then), we naturally sent the traffic
> to an upstream. That upstream happens to be in that club of those who
> don't have transit providers (which probably doesn't really matter, but
> means a "global" network).
/snip
> Greetings,
> Frank
I can think of another ...
We rate-limit DNS from unknown quantities for reasons that should be obvious. We white-list traffic from known trusted (anycast) ones to prevent a DDoS attack from throttling legitimate queries. This would be a useful way to help auto-generate those ACLs.
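
One way to auto-generate the whitelist described in the message above, as an added example that is not part of the thread: it turns a prefix feed into a collapsed allow-list and refuses malformed or overly broad entries, so a bad feed line cannot switch off rate limiting. The feed format, the `MIN_PREFIXLEN` limits and the function names are assumptions, and the prefixes are constructed documentation ranges.

```python
import ipaddress

# Constructed sample feed: documentation prefixes standing in for trusted
# anycast resolver ranges; these are not real resolver addresses.
SAMPLE_FEED = """
# trusted anycast sources (constructed)
192.0.2.0/24
192.0.2.128/25
198.51.100.0/25
198.51.100.128/25
2001:db8:53::/48
0.0.0.0/0
not-a-prefix
"""

# Assumed sanity limits: refuse anything broader than these, so one bad
# feed entry cannot exempt most of the Internet from rate limiting.
MIN_PREFIXLEN = {4: 16, 6: 32}


def build_acl(feed_text):
    """Parse a prefix feed into collapsed allow-lists plus rejected entries."""
    nets = {4: [], 6: []}
    rejected = []
    for raw in feed_text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            rejected.append(entry)  # malformed, or host bits set
            continue
        if net.prefixlen < MIN_PREFIXLEN[net.version]:
            rejected.append(entry)  # too broad to trust from a feed
            continue
        nets[net.version].append(net)
    # Merge overlapping and adjacent prefixes, per address family.
    acl = {v: list(ipaddress.collapse_addresses(n)) for v, n in nets.items()}
    return acl, rejected


def is_exempt(source_ip, acl):
    """True if a query source falls inside the trusted allow-list."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in acl[addr.version])
```

Sources for which `is_exempt` returns False stay subject to the rate limit; the `rejected` list is worth logging, since entries there point to a broken or tampered feed.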