On 12-Mar-2007, at 22:52, joshua sahala wrote:
page 29 of the "Life and Times of J-Root" presentation would seem to suggest otherwise (http://www.nanog.org/mtg-0410/kosters.html):
DO NOT RUN Anycast with Stateful Transport
Aha, I actually missed that meeting :-) Despite what Mark might have concluded in that self-confessed "just in time" presentation, the fact remains that Verisign continued their aggressive J-root and COM/NET anycast deployment beyond 2004, and certainly have never suggested that they don't support TCP transport to those servers. Verisign engineers are active in dnsext, in fact, and it's fair to say that DNSSEC is only going to make the proportion of queries which use TCP transport greater. Actions speak louder than words on rushed slide decks, maybe.
like ALL things network-related, you have to know what you are doing and understand the limitations...
... many of which we tried to capture in RFC 4786/BCP 126.
which is a good document on the ins/outs of it...now if only more people would read those RFC things :)
:-) Joe