Anycast 101

bearing in mind there have been issues with org but not . i have
thought in the past there probably should be more than two ns records
in ns ..

all i can say is:

> i believe that icann/afilias/ultradns would be very receptive to
> input from the ietf-dnsop wg on this topic. but it's not cut and
> dried ...

which i mean, even if it's the same people as would comment here
on nanog, icann/afilias/ultradns would probably pay a lot more attention
if the ietf's dnsop working group made such recommendations than if nanog
made them.

it's also not clear if there are two sets of nameservers in service or
one set serving both addresses?

i think it's an even/odd thing. so, and each refer to a specific subset of .ORG

i'm straying from the anycast theory a bit, but thought i'd mention my
2c on past issues with org (altho i don't believe they were caused by
anycast itself)

anycast can be a source of dns incoherency. sometimes this is deliberate
as in the case of akamai; sometimes it's an accident like one server being
lame or broken; sometimes it's a protocol limitation like not all servers
have AXFR'd a new zone-content yet.

i've been thinking that to correctly diagnose unintentional dns incoherency
would require that one of the many distributed networks of "probe boxes"
run a looking-glass-like cgi page that let you launch a dns query from 100
or 1000 different places simultaneously, and compare the results. perhaps
dfk and ripe's dnsmon are listening today.

i've also been thinking that AXFR's known incoherency could be reduced by
using some kind of in-band embargo that would bring a new zone version
online synchronously on servers supporting this feature and configured to
enable it for a particular zone.

those kinds of thoughts are appropriate for nanog. whether .org should
use anycast, or how many NS RRs it should have, are not.
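
The comparison step of the multi-vantage probe idea above, as an added example that is not part of the original post: it takes responses to one query that were already collected from several places and sorts them into the causes the post lists (lame or broken server, zone not yet transferred, differing data at the same zone version). The `Probe` record, its field names and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Probe(NamedTuple):      # hypothetical record for one probe-box result
    vantage: str              # where the query was launched from
    rcode: str                # NOERROR, SERVFAIL, REFUSED, ...
    aa: bool                  # authoritative-answer flag in the response
    serial: int               # SOA serial the responding instance is serving
    answer: frozenset         # rdata of the answer RRset

def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial number comparison for 32-bit SOA serials."""
    return a != b and ((a - b) % 2**32) < 2**31

def newest_serial(serials):
    best = None
    for s in serials:
        if best is None or serial_gt(s, best):
            best = s
    return best

def classify(probes):
    """Sort probe results into the incoherency causes named in the post."""
    report = {"lame": [], "stale": [], "divergent": {}, "coherent": True}
    good = []
    for p in probes:
        if p.rcode != "NOERROR" or not p.aa:
            report["lame"].append(p.vantage)      # lame or broken server
        else:
            good.append(p)
    newest = newest_serial(p.serial for p in good)
    by_answer = defaultdict(list)
    for p in good:
        if p.serial != newest:
            report["stale"].append(p.vantage)     # new zone not AXFR'd yet
        else:
            by_answer[p.answer].append(p.vantage)
    if len(by_answer) > 1:                        # same version, different data
        report["divergent"] = {tuple(sorted(a)): v for a, v in by_answer.items()}
    report["coherent"] = not (report["lame"] or report["stale"] or report["divergent"])
    return report

# Constructed sample: one query seen from five places, documentation addresses.
SAMPLE = [
    Probe("ams", "NOERROR", True, 2004121502, frozenset({"192.0.2.10"})),
    Probe("sfo", "NOERROR", True, 2004121502, frozenset({"192.0.2.10"})),
    Probe("nrt", "NOERROR", True, 2004121501, frozenset({"192.0.2.9"})),
    Probe("gru", "SERVFAIL", False, 0, frozenset()),
    Probe("syd", "NOERROR", True, 2004121502, frozenset({"198.51.100.7"})),
]
```

Divergent answers at the newest serial are only flagged, not judged: telling deliberate per-location answers from a broken instance still needs knowledge of the operator's intent.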