[dns-operations] Default route or not default route for anycast *local* nodes?
Barry Raveendran Greene
bgreene at senki.org
Sat Mar 11 16:29:50 UTC 2017
> On Mar 11, 2017, at 3:48 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>
> I didn't talk yet with the operators of this root name server, but,
> before I do, I wonder if there are existing good practices (may be
> having no default route helps against reflection attacks?)
No putting default on IX peering is the best practice (unless something has changed). It sounds more like people have not done the anycast engineering. I get the impression that people think that “if I just advertise” an anycast service via eBGP that “all will be well” and it would work. Not true.
More information about the dns-operations
mailing list