--On Tuesday, October 22, 2002 11:50:43 -0700 Randy Bush <[EMAIL PROTECTED]> wrote:
> smb made what seems like a good suggestion for how to prudently > deploy anycast root and gtld servers prior to dnssec deployment. > > an isp runs one or more anycast slaves for root and/or gtld servers > within their autonomous system and filters out other announcements > of that address at their border. just plain don't let it into your > igp. think of it as a degenerate case of the massey nanog paper. > > the question then becomes how to acquire an authentic copy of the > root and gtld zone files on a regular basis. this may be as much > of a layer nine pain as a layer four one. Root zone is simple: -rw-r--r-- 1 9998 213 14348 Oct 22 21:12 root.zone.gz -rw-r--r-- 1 9998 213 75 Oct 22 21:38 root.zone.gz.md5 -rw-r--r-- 1 9998 213 72 Oct 22 21:38 root.zone.gz.sig are available for ftp. The signature would be easily verified, had the key been easy to find. I had to look for some time to find it... Layer nine is always unpredictable; though. -- M�ns Nilsson Systems Specialist +46 70 681 7204 KTHNOC MN1334-RIPE We're sysadmins. To us, data is a protocol-overhead. #---------------------------------------------------------------------- # To unsubscripbe, send a message to <[EMAIL PROTECTED]>.
