I'm attempting to come up with a list of all the top level domain DNS servers that are anycasted. I already know about the anycast clouds run by PCH, Neustar, Verisign, DENIC, and UltraDNS, and .mx appears from traceroutes to be anycasted as well.
(I know about the anycasted root servers as well; they're out of scope for this question...)
Are there others that I'm missing?
Thanks,
-Steve
I'm attempting to come up with a list of all the top level domain DNS servers
How are you attempting to do it?
One of the problems is that you need to check from multiple locations around the world because dns server would appear to be different depending on where you look at it from. When you look at this in case of ccTLD
you not only need to appear in different locations around the world, but it would probably be good to check from multiple locations in that particular country. This makes administratively difficult to arrange
to do proper measurement for all the ccTLDs.
that are anycasted. I already know about the anycast clouds run by PCH, Neustar, Verisign, DENIC, and UltraDNS, and .mx appears from traceroutes to be anycasted as well.
I'm pretty sure ISC runs anycasted dns servers too and they run .museum TLD and serve as secondary for one or two other TLDs.
BTW - anyone can guess why lookup for SIG RR on .museum results in different response then for some other non-existant RR like NAPTR?
-bash-3.00$ dig museum sig
; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;museum. IN SIG
;; Query time: 4 msec
;; SERVER: 216.151.192.1#53(216.151.192.1)
-bash-3.00$ dig museum naptr
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;museum. IN NAPTR
;; AUTHORITY SECTION:
museum. 3236 IN SOA nic.museum. hostmaster.nic.museum. 2005092312 28800 7200 1209600 3600
;; Query time: 4 msec
;; SERVER: 216.151.192.1#53(216.151.192.1)
scg@gibbard.org (Steve Gibbard) wrote:
I'm attempting to come up with a list of all the top level domain DNS
servers that are anycasted. I already know about the anycast clouds run
by PCH, Neustar, Verisign, DENIC, and UltraDNS, and .mx appears from
traceroutes to be anycasted as well.(I know about the anycasted root servers as well; they're out of scope for
this question...)Are there others that I'm missing?
Add .de to your list. "z.nic.de" is anycasted.
I'd propose taking the list of TLDs, generating the list of associated
authoritative DNS servers (and their IP addresses) and try that list
on the routing registries...
Cheers,
Elmi.
a message of 49 lines which said:
they [ISC] run .museum TLD
It does not seem so.
and serve as secondary for one or two other TLDs.
Not with their anycast servers, unless they added this service very
recently.
Assuming that you do that, what would you be your criteria to find based
on RR if the ip is anycasted or not?
I mean lets suppose that I run dns server at AS0 and peer at location A and also at location B with same ISP with AS1. I might have one dns server at location A and another different one at location B, which means its anycasting. But from peering perspective it would just appear as the
same path AS0->AS1 no matter what location it is.
Opposite to that route to the same server might be seen from different peer AS# based on location because of routing policies.
william@elan.net (william(at)elan.net) wrote:
>authoritative DNS servers (and their IP addresses) and try that list
>on the routing registries...Assuming that you do that, what would you be your criteria to find based
on RR if the ip is anycasted or not?
Maybe I overestimate the openness of the people and believe everybody
would drop their documentation there...
~>whois -h whois.radb.net 194.246.96.1
route: 194.246.96.0/24
descr: DENIC eG anycast prefix
origin: AS31529
...
The AS object gives a lot more clue then...
aut-num: AS31529
as-name: DENIC-ANYCAST-AS
descr: DENIC eG
descr: DNS anycast AS object
...
remarks: | DENIC eG operates the .de ccTLD registry. DENICs IPv4 |
remarks: | DNS servers are partial unicast and partial anycast. |
remarks: | This object covers the IPv4 anycast setups. |
...
Maybe using route servers helps more (coffee!) 
I mean lets suppose that I run dns server at AS0 and peer at location A
and also at location B with same ISP with AS1. I might have one dns server
at location A and another different one at location B, which means its
anycasting. But from peering perspective it would just appear as the
same path AS0->AS1 no matter what location it is.
That's some kind of anycasting, but from a networking point of view
it's redundant links to the same "thing" 
If you are lucky, you can see different next-hops in the BGP.
Opposite to that route to the same server might be seen from different
peer AS# based on location because of routing policies.
Using views from route-servers that are distant from each other might
improve the picture. The RIPE RIS project may be able to help.
Cheers,
Elmi.
Interesting, I did not notice they put it in there...
As I have necessary tools to quicly filter such data from multiple DBs, you might be interested in the list of those self-reporting anycast in RR (its not very long):
192.5.5.0/24 AS3557 - ISC F ROOT (source: OTTIX, VERIO, RIPE)
64.94.96.0/24 AS24246 - INTERNAP (source: SAVVIS, RADB)
204.8.212.0/22 AS32476 - Tellme Networks (source: RADB)
196.6.240.0/24 AS27598 - IS.CO.ZA (source: RADB, RIPE)
195.85.200.0/24 AS29117 - irc-hispano.org (source: RIPE)
192.88.99.0/24 AS12859 - BIT.NL 6to4 relay RFC3068 (source: RIPE)
194.145.251.0/24 AS33837 - PRQ.SE (source: RIPE)
194.246.96.0/24 AS31529 - DENIC (source: RIPE)
84.205.72.0/24 AS12654 - RIPE NCC RIS (source: RIPE)
84.205.73.0/24 AS12654 - RIPE NCC RIS (source: RIPE)
192.88.99.0/24 AS3344 - kewlio.net 6to4 relay RFC3068 (source: RIPE)
2001::500::/48 AS3557 - ISC F ROOT (source: RIPE)
2002::/16 AS3344 - 6to4 relay anycast - no longer done, right??
Getting back to the subject of anycast DNS TLDs, its possible that above
did provide a clue that one of the .ZA servers might be anycasted (although
NSZA.IS.CO.ZA is 196.4.160.27 right now and not listed anycast in RR).
P.S. I will search for anycast in description of ip whois data when I get
a chance and if its not long and interesting may post summary here as well.
Service for the nameservers NS-EXT.VIX.COM and NS-EXT.ISC.ORG are provided by an anycast cluster along the lines described in:
http://www.isc.org/pubs/tn/index.pl?tn=isc-tn-2004-1.txt
http://www.nanog.org/mtg-0505/abley.cluster.html
So, service is distributed over multiple hosts using anycast, but the scope of the anycast is limited geographically to a single location in a single AS.
Joe
6to4 is alive and well.
Joe
But not well deployed on the v6 side, as I noted earlier this year. There
aren't enough North America exit routes to cover some of the v6 networks
there. Of course, there aren't enough North America v6 nets, either. <g>
* Joe Abley:
Ah yes, that's true, and we've been bitten by that.
At ISC, we have an unusually large population of external users using 6to4 to reach us, since most things we host are available on v6, and also because most things we host are of interest to developers who probably have more energy for turning things like 6to4 on than most people.
Our 6to4-using client population became much more happy once I deployed a 6to4 relay router inside AS3557, and had people use it directly instead of the anycast 6to4 relay router address. I don't think I've had a single complaint reported since I turned that on, in fact.
Advertising 2002::/16 and 192.88.99.0/24 for global transit from AS 3557 is on the to-do list. No ETA for that right now, however.
Joe
Thanks!
Am I reading your CENTR presentation correctly as saying that you're announcing all four prefixes from all five locations?
-Steve
I read it as they have the ability to announce all four from any location, but by default, they don't... rather each prefix is enabled from at least three of the five locations.