dnsop  

Re: Interim signing of the root zone.

Randy Bush
Thu, 10 Oct 2002 00:04:59 -0700

> Can you describe the issues you see with anycast and how DNSSEC would
> address those issues?

w/o dnssec, one can not differentiate anycasted root from a routing attack
on that root.  see <http://www.nanog.org/mtg-0206/ppt/massey/index.htm>
for how one might defend against such attacks.

as dnssec is finally approaching deployment, it seems imprudent to rush
into a not obviously critical anycast deployment when a little patience
would seem harmless.

with dnssec, anycast authoritative servers are way cool, clearly safe,
and quite deployable.

without dnssec, it seems grandstanding to no prudent useful end.

randy