smb made what seems like a good suggestion for how to prudently deploy anycast root and gtld servers prior to dnssec deployment.
an isp runs one or more anycast slaves for root and/or gtld servers within their autonomous system and filters out other announcements of that address at their border. just plain don't let it into your igp. think of it as a degenerate case of the massey nanog paper. the question then becomes how to acquire an authentic copy of the root and gtld zone files on a regular basis. this may be as much of a layer nine pain as a layer four one. randy #---------------------------------------------------------------------- # To unsubscripbe, send a message to <[EMAIL PROTECTED]>.
