[dns-operations] All NSs for a TLD being in the TLD itself
warren at kumari.net
Fri Oct 25 17:49:56 UTC 2013
On Oct 25, 2013, at 1:33 PM, Edward Lewis <ed.lewis at neustar.biz> wrote:
> On Oct 25, 2013, at 9:45, Randy Bush wrote:
>> the ip address clumping would worry me if i thought they were not anycast.
> Anycast or not, I wouldn't think this is a problem. Meaning, I don't see why this would be a problem with unicast. Assuming that (for v4) the /24's are independently routed, it wouldn't matter if the numbers are numerically close or not.
Well, it *might* -- having a wider separation of addresses (and multiple AS#) reduces the risk of someone accidentally misconfiguring an ACL and blocking access….
Let's say your space is 192.0.2.0/24 and 184.108.40.206/24 -- it's possible that someone intending to ACL 192.0.0.0/24 and 220.127.116.11/24 makes a booboo and ACLs off 192.0.0.0/22 instead of 192.0.0.0/23. While this sounds like a theoretical / unlikely issue, it *does* happen -- ask me how I know…
> I ask because I might be missing something. And assuming it's a given that to an external endpoint, anycast is indistinguishable to unicast. I can't tell if that's two routes to a multi-homed LAN or two routes that diverge geographically.
> Edward Lewis
> NeuStar You can leave a voice message at +1-571-434-5468
> There are no answers - just tradeoffs, decisions, and responses.
She'd even given herself a middle initial - X - which stood for "someone who has a cool and exciting middle name".
-- (Terry Pratchett, Maskerade)
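Added example, not part of the original message: a pre-deployment check of the ACL slip described above, listing which nameserver prefixes a deny entry would cut off and how small a covering block the prefixes share. The function names are hypothetical, and 192.0.3.0/24 and 198.51.100.0/24 are constructed sample prefixes; only 192.0.2.0/24 and the /22 and /23 ACL entries come from the message.

```python
import ipaddress

# Constructed sample data (IPv4 only): two adjacent nameserver /24s versus two far apart.
CLUMPED = ["192.0.2.0/24", "192.0.3.0/24"]
SPREAD = ["192.0.2.0/24", "198.51.100.0/24"]


def blocked_by(deny_entries, ns_prefixes):
    """Map each deny entry to the nameserver prefixes it overlaps."""
    hits = {}
    for entry in deny_entries:
        deny = ipaddress.ip_network(entry, strict=False)
        covered = [p for p in ns_prefixes
                   if deny.overlaps(ipaddress.ip_network(p))]
        if covered:
            hits[entry] = covered
    return hits


def reachable_after(deny_entries, ns_prefixes):
    """Nameserver prefixes that no deny entry touches."""
    blocked = {p for hit in blocked_by(deny_entries, ns_prefixes).values() for p in hit}
    return [p for p in ns_prefixes if p not in blocked]


def common_supernet_len(ns_prefixes):
    """Prefix length of the smallest single block containing every NS prefix.

    The larger this number, the smaller the mask typo that blocks them all.
    """
    nets = [ipaddress.ip_network(p) for p in ns_prefixes]
    block = nets[0]
    while not all(n.subnet_of(block) for n in nets):
        block = block.supernet()
    return block.prefixlen


if __name__ == "__main__":
    for name, ns in (("clumped", CLUMPED), ("spread", SPREAD)):
        print(name, "covering block: /%d" % common_supernet_len(ns))
        for acl in ("192.0.0.0/23", "192.0.0.0/22"):  # intended vs. mistyped mask
            print("  deny", acl, "-> still reachable:", reachable_after([acl], ns))
```

A change-review hook can refuse any ACL change for which `reachable_after` returns an empty list for the zone's nameserver prefixes.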