On 19/09/2013, at 9:40 AM, Joe Abley
I hear from my friends at ISC that work is afoot to repair the Auckland F-Root node, so hopefully it becomes more local for you in due course. L-Root ought to be local for you though (send me a traceroute if not, and we'll see what we can do).
We're helping here by buying new servers to fit the ISC specs, which will enable ISC to get that running relatively soon. Even with our financial commitment to this I'm sure ISC could do with some more so please let them know (Joe or I can make contact if you don't know them personally) if you can contribute.
Sure, but perhaps an ISP could also hand out the addresses of a managed/supported DNS resolver service provisioned through appliances in the ISP's own network and find some comfortable middle ground.
We've been asked a number of times if we would be interested in providing such a service, particularly given our DNSSEC knowledge and we are actively considering it. If anyone is interested then please contact me offlist.

cheers
Jay
Something not completely related or unrelated, is that when people are doing Anycast for DNS in general (both authoritative and recursive) it seems pretty common to send both primary and secondary DNS to the same region. I've seen this with both recursive and authoritative, and it increases the chance of problems. The simple solution is to make secondary not be anycast and in an unrelated region, as I understand it can be complicated to shift traffic around right to use anycast in a secondary region while optimising all other paths.
The right thing here I think is to provision multiple clouds on the same set of anycast nodes where the overlap between clouds is managed, and provision each nameserver service (the name and associated addresses for each NS record) on a different cloud. That way you get useful diversity, but the individual services are still massively redundant.
This requires lots of anycast nodes to be able to do well, of course.
Another approach followed by people such as Afilias is to use more than one anycast service for the zones you care about. ORG is hosted on one cloud provisioned by PCH and another one run directly by Afilias, for example.
I agree that having the path to two apparently-different nameservers for the same zone land on the same anycast node is probably a bad idea :-)
Joe
-- Jay Daley Chief Executive .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 931 6977 mobile: +64 21 678840 linkedin: www.linkedin.com/in/jaydaley
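
The shared-fate case discussed in this thread (two nameservers for one zone landing on the same anycast node), as an added example that is not part of the original messages. Node, vantage-point and NS names are constructed, and routing is simplified to "the most-preferred node that announces the cloud wins".

```python
# Added example: which anycast node does each NS name land on, per vantage point?
# All node, vantage-point and NS names below are constructed for illustration.

# Nodes in order of routing preference as seen from each vantage point (nearest first).
PREFERENCE = {
    "auckland":    ["akl", "wlg", "syd", "lax"],
    "wellington":  ["wlg", "akl", "syd", "lax"],
    "sydney":      ["syd", "akl", "wlg", "lax"],
    "los-angeles": ["lax", "syd", "akl", "wlg"],
}

def catchment(preference, cloud_nodes):
    """Map each vantage point to the most-preferred node announcing this cloud
    (None if no node in its preference list announces it)."""
    return {
        vp: next((n for n in order if n in cloud_nodes), None)
        for vp, order in preference.items()
    }

def collisions(preference, clouds):
    """clouds maps NS name -> set of nodes announcing that NS's addresses.
    Return {vantage point: node} wherever every NS name lands on one node."""
    per_ns = {ns: catchment(preference, nodes) for ns, nodes in clouds.items()}
    shared = {}
    for vp in preference:
        landed = {per_ns[ns][vp] for ns in clouds}
        if len(landed) == 1 and None not in landed:
            shared[vp] = next(iter(landed))
    return shared

ALL_NODES = {"akl", "wlg", "syd", "lax"}
# Both NS names on a single cloud announced from every node.
ONE_CLOUD = {"ns1.example.": ALL_NODES, "ns2.example.": ALL_NODES}
# Two clouds on the same node set, overlapping only at lax.
TWO_CLOUDS = {"ns1.example.": {"akl", "syd", "lax"}, "ns2.example.": {"wlg", "lax"}}

if __name__ == "__main__":
    for label, clouds in (("one cloud", ONE_CLOUD), ("two clouds", TWO_CLOUDS)):
        print(label, "->", collisions(PREFERENCE, clouds))
```

With one cloud every vantage point reaches a single node for both NS names; with two clouds only the vantage point nearest the overlapping node does, which is the overlap that has to be managed.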