Sat Mar 11 11:48:22 UTC 2017

While debugging a BGP issue with a root name server, we (FRnog, French
Networks Operators Group) found that apparently some anycast local
nodes have no default route and thus cannot reply to requests coming
from outside the ASes connected to their exchange point.

At first glance, it makes sense: since the router announces the prefix
only to the IX members, no requests should come from outside and there
is no point in having a default route to reply to them.

But it creates problems if there is asymmetric routing: an outside
client is directed to the anycast local node at the IX, but the local
node cannot reply.

I haven't talked yet with the operators of this root name server, but,
before I do, I wonder if there are existing good practices (maybe
having no default route helps against reflection attacks?)
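
The failure mode described in the message, as an added example that is not part of the original post: a longest-prefix-match lookup over a constructed routing table that holds only IX members' prefixes, listing which query sources the local node has no return route for. All prefixes (documentation ranges), next-hop labels and function names are assumptions chosen for illustration.

```python
import ipaddress


def lookup(fib, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in fib:
        net = ipaddress.ip_network(prefix)
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, next_hop)
    return best[1] if best else None


def unanswerable(fib, sources):
    """Query sources whose replies would be dropped for lack of a return route."""
    return [src for src in sources if lookup(fib, src) is None]


# Constructed routing table of a local node: only prefixes learned from IX members.
IX_ONLY_FIB = [
    ("192.0.2.0/24", "ix-peer-a"),
    ("198.51.100.0/24", "ix-peer-b"),
]

# Same table with a default route added (hypothetical transit next hop).
WITH_DEFAULT = IX_ONLY_FIB + [("0.0.0.0/0", "transit")]

# Constructed query sources: two inside IX member ASes, one outside client
# that reached the node through asymmetric routing.
QUERY_SOURCES = ["192.0.2.53", "198.51.100.7", "203.0.113.9"]

if __name__ == "__main__":
    print("no default route:", unanswerable(IX_ONLY_FIB, QUERY_SOURCES))
    print("with default route:", unanswerable(WITH_DEFAULT, QUERY_SOURCES))
```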

