[address-policy-wg] 2008-05 Anycast for DLV zones
- Previous message (by thread): [address-policy-wg] 2008-05 New Draft Documents Published (Anycasting Assignments for TLDs and Tier 0/1 ENUM)
- Next message (by thread): [address-policy-wg] 2008-05 Anycast for DLV zones
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jim Reid
jim at rfc1035.com
Wed Apr 22 10:28:32 CEST 2009
On 22 Apr 2009, at 08:27, Florian Weimer wrote: > Should critical DNS infrastructure include DLV zones for public use? No. Absolutely not. DLV is not critical to the operation of the Internet. [IMO it's a short-term hack that will go away once the root and/or major TLDs get signed.] The DNS servers for TLDs, and to a lesser extent, the Tier-1 ENUM delegations are critical. If they went away, everyone would immediately notice that. If a DLV zone's DNS servers fail, an insignificant number of people would notice. DLV users are a fraction of the tiny number of people using DNSSEC today. Another point: anyone can set themselves up a DLV provider. So if arbitrary DLV operators were able to get anycast allocations, this would be a good way of depleting the remaining IPv4 space. At least there's a finite number of TLD and Tier-1 ENUM delegations which are underpinned by "official" registries and procedures for obtaining/ managing them. This is not the case for DLV providers (if I can use that vague term). Oh and what happens when the next flavour-of-the-month DNSSEC validation hack comes along? Should the policy be modified to accommodate that too?? BTW I am also uncomfortable with attempts to shore up DLV or to make it more permanent. That takes resources away from getting DNSSEC properly deployed by having the root and TLDs signed.
- Previous message (by thread): [address-policy-wg] 2008-05 New Draft Documents Published (Anycasting Assignments for TLDs and Tier 0/1 ENUM)
- Next message (by thread): [address-policy-wg] 2008-05 Anycast for DLV zones
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]