[dns-operations] Default route or not default route for anycast *local* nodes?

Klaus Darilion klaus.mailinglists at pernau.at
Fri Mar 17 20:28:46 UTC 2017


On 11.03.2017 at 12:48, Stephane Bortzmeyer wrote:
> While debugging a BGP issue with a root name server, we (FRnog, French
> Networks Operators Group) found that apparently some anycast local
> nodes have no default route and thus cannot reply to requests coming
> from outside the ASes connected to their exchange point.
>
> At first glance, it makes sense: since the router announces the prefix
> only to the IX members, no requests should come from outside and there
> is no point to have a default route to reply to them.
>
> But it creates problems if there is asymmetric routing: an outside
> client is directed to the anycast local node at the IX, but the local
> node cannot reply.
>
> I didn't talk yet with the operators of this root name server, but,
> before I do, I wonder if there are existing good practices (maybe
> having no default route helps against reflection attacks?)

We do not have local-only Anycast nodes yet, but if I were to deploy one I
would set up a default route (or peering with a transit provider with
full BGP feed). When debugging routing issues with our Anycast nodes I
do see asymmetric IX-peering very, very often. Hence, IX-only
announcement without default would probably cause plenty of unanswered
requests.

regards
Klaus
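
The check discussed in this thread, as an added example that is not part of either message: a longest-prefix-match lookup over a local node's routing table, run against observed query sources, to list the clients whose replies would have no return route when only IX-learned prefixes are installed. All prefixes and addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation address space), not from the thread.
# IX_LEARNED: prefixes the local node learned from its exchange-point peers.
# QUERY_SOURCES: client addresses seen in the node's query log.
IX_LEARNED = ["192.0.2.0/24", "198.51.100.0/25", "2001:db8:a::/48"]
QUERY_SOURCES = ["192.0.2.53", "198.51.100.200", "203.0.113.9",
                 "2001:db8:a::1", "2001:db8:b::1"]


def build_table(prefixes, with_default=False):
    """Return the node's routes; optionally add IPv4 and IPv6 defaults."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    if with_default:
        nets += [ipaddress.ip_network("0.0.0.0/0"),
                 ipaddress.ip_network("::/0")]
    return nets


def lookup(table, addr):
    """Longest-prefix match. None means the reply has no route and is dropped."""
    ip = ipaddress.ip_address(addr)
    matches = [n for n in table if n.version == ip.version and ip in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)


def unanswerable(table, sources):
    """Query sources the node received traffic from but cannot reply to."""
    return [s for s in sources if lookup(table, s) is None]


if __name__ == "__main__":
    for label, default in (("IX-only", False), ("with default", True)):
        table = build_table(IX_LEARNED, with_default=default)
        lost = unanswerable(table, QUERY_SOURCES)
        print(f"{label}: {len(lost)}/{len(QUERY_SOURCES)} unanswerable {lost}")
```

Fed with real query-log sources and the node's actual routing table, the same comparison shows how many requests arrive over asymmetric paths before a decision is made about the default route.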
