ask> I don't have data (and haven't looked into it recently), but I think
ask> it's a very safe assumption that
ask> - most of the authoritative servers don't use anycast
ask> - most authoritative queries (for an average resolver) go to
ask>   servers that use anycast

I'd disagree. There's been huge consolidation in the DNS operator business and the vast majority of domain names are served by a fairly small number of really large operators' auth servers. Anycast for auth makes sense for robustness and resilience while not inflating the number of listed NSs (keeping packet size small).

Combine that with most of the world using a smaller number of recursive operators who also widely distribute via anycast and you wind up with auth and recursive operators being in most of the same cities and data centers and close to each other. This means cache misses aren't that much slower than cache hits. Clients get fast answers, zones are robustly and quickly served, everyone wins.

Whether centralization as a trend is good has already been argued on this list and others plenty of times. ;) There is definitely a choice or tradeoff between speed/robustness and privacy.

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
