anycast dns servers

i am a bit confused here. seems to be that the major differences
between smb's scheme, for which you personally attacked me, and
yours are

  o yours has centralized control, you, instead of isp control.
    this is known not to have good layer nine properties, see
    marinara del roi.

  o we get to pay you for that privilige, though at 'cost', mighty
    kind of you, but we're silly enough to also think we know how
    to run services. though it might be fun to talk about how to
    automate testing for the relevant parts of rfc 2870.

i.e. they are not technically much different. as smb said, the
hard problems are at layer nine.

but, first focusing on the technology, let's talk about the hard
part of the problem first, the gtld servers, hard because of the
size of the data and the frequency of change.

so a large isp lets the registries (verisign et alia) put a honkin'
hidden primary server near _big_ backbone links. other large
(i.e. can handle moving that kind of data) isps set up ipsec or
tsig secondary cluster off of it. of course, the isps' secondary
clusters use a well-known anycast address for serving queries. the
isps which have secondaries might not accept announcements of the
anycast prefix from eachother, or they might, point to disucss.

i could elaborate further, but it might be more fun to let others
have a say too. especially how this can safely support all the
non-oc48++ isps.

randy