> From: "Carlos M. Martinez" <[email protected]> > That said, there is something to be said for easy-to-remember, > easy-to-type, DNS addresses. Why not write an I-D asking IANA for a > couple of very easy addresses that we can all agree to locally anycast ?
It's one thing to use the anycast authoritative servers and the various branded anycast recursive servers, but something else to use unknown recursive servers that would make unpredicable and effectively random improvements to DNS responses. Those improvements would be unpredictable and random, because you could not predict which of the many servers that "we all" run would be used 10 minutes from now when your local instance is down for maintenance or the target of an attack. You can believe Google's answer the question to "Do you fudge DNS data?", but if not, then you should never have considered using Google's servers. (Never mind that you should be validating DNSSEC in or very close to applications so that question is operationally irrelevant.) No matter how some of the operators of those severs that "we all" run answered that question, the answer would be content free noise. Given the nature of anycast, no answer could be authoritative for all of the players. As for easy to remember addresses, why bother asking IANA for something that IANA is unlikely to be able to provide? Or if you meant multicast instead of anycast, what about TCP/53? What about DHCP? Should customers who can't find and understand your resolver's address on your easy to use web page setup instructions be typing any DNS server addresses? How can a customer that can't find and type your DNS sever's address handle configuring the /28 (or whatever) block you've assigned? If DHCP does that job, then why not let it also handle DNS? It might be best to terminate customers that are too smart by half and hire the IT consultancy run by the neighbor's script kiddie to improve your DHCP answers, because they're likely to be infinite sources of trouble. Vernon Schryver [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
