[address-policy-wg] Policy Change Request - Allow address allocations for anycast DNS operation
Andreas Bäß/Denic
baess at denic.de
Wed Jun 9 15:00:32 CEST 2004
> > "Operators providing DNS for a zone that is approaching the UDP packet
> > size limit due to the number of authoritative servers may be assigned
> > PI network prefixes: a /24 IPv4 prefix and/or a /32 IPv6 prefix. These
> > prefixes will allow them to anycast the DNS server, as described in RFC
> > 3258."
> No, this completely misses Joao's point which spelled out that you
> don't get an allocation unless you will anycast it. For example, my
> private company shouldn't be able to get PI prefixes just by adding 20
> authoritative DNS servers!

Anycasted DNS is an absolute must to qualify for this kind of allocation. However, I can't believe that someone will break up his DNS service just to qualify for another /24. Maybe I underestimate what some people would do for a handful of numbers :-)

> In other words, either you're creating PI space for ccTLDs (or some
> other groups, whether special or not), or you're creating PI space for
> anycasting for certain applications, or both. This needs to be made
> clearer as different people have different assumptions here.

This address space is _not_ PI in its original sense. The allocation is made to overcome a DNS limitation and we feel that we should grant resources to those who feel the need to provide DNS service in a way that is described in RFC 3258. This policy does not apply to non-DNS services and it is not limited to TLDs.

> That said, I still don't think this policy makes sense. How many
> servers would that need to be?

A lot. There have been several studies from different sources on how many NS would be needed. If you plan to fully support IPv6 transition, giving all of your NS A and AAAA records, it is not that many before your responses will be truncated.

> What prevents from anycasting
> a regular PA prefix among those parties which have the largest amount
> of servers? Nothing (prefix filters based on RIPE DB shouldn't be a
> problem, just add the AS of anyone anycasting to the prefix right?).

As I said before, it is not about PA versus PI; the allocation is tagged to the anycast DNS services. We have discussed the possibility to ensure the routability of smaller prefixes from the "regular" LIR allocation, but most of the people felt that, although possible, putting that burden (to ensure routability of some prefixes in a world that filters on PA allocation boundaries) on DNS folks is not a good idea, but enabling them to use specific prefixes that are "known" to ensure routability is a better solution. It has also been agreed that using this kind of special allocations will be history as soon as anycasting is possible with a single allocation. I don't know if the routing wg is already working on this item.

Have a nice day
Andreas

> > > Also, pardon me asking but would the request be for a /24 per server to
> > > be anycasted or a /24 per zone administrator?
> >
> > One /24 per zone operator. I remember that someone (was that you?) would
> > like to have /24 for putting the administrative interface of the anycast
> > instances into another AS but as far as I recall there has not been much
> > support for that idea.
> This is unacceptable for redundancy reasons. If the routing for the
> /24 hiccups (e.g., someone advertises the prefix but drops the
> packets), all the nameservers will be down for people behind that ISP?
> If you anycast something, there will have to be a backup option as
> well.
> --
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
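The UDP size limit discussed in this message can be made concrete with an added example, which is not part of the original message or of any RIPE document: it builds a referral response in DNS wire format with name compression and counts how many name servers fit, with complete glue, in the 512-byte UDP payload of RFC 1035 (no EDNS0). The zone `example`, the server names `a.nic.example`, `b.nic.example`, ..., the query name and the zeroed addresses are all constructed assumptions.

```python
import struct

UDP_LIMIT = 512  # DNS-over-UDP payload limit without EDNS0 (RFC 1035)

def encode_name(name, buf, offsets):
    """Append a domain name in wire format, compressing known suffixes."""
    labels = name.rstrip(".").split(".")
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:]).lower()
        if suffix in offsets:  # emit a 2-byte compression pointer and stop
            buf += struct.pack("!H", 0xC000 | offsets[suffix])
            return
        offsets[suffix] = len(buf)
        buf += bytes([len(label)]) + label.encode("ascii")
    buf += b"\x00"  # root label

def add_rr(buf, offsets, owner, rtype, write_rdata):
    """Append one IN-class resource record with a back-filled RDLENGTH."""
    encode_name(owner, buf, offsets)
    buf += struct.pack("!HHIH", rtype, 1, 86400, 0)  # type, class, TTL, RDLENGTH
    start = len(buf)
    write_rdata(buf)
    struct.pack_into("!H", buf, start - 2, len(buf) - start)

def referral_size(n_servers, with_aaaa, zone="example", qname="www.domain.example"):
    """Size in bytes of a referral listing n_servers NS records plus full glue."""
    buf, offsets = bytearray(), {}
    glue = n_servers * (2 if with_aaaa else 1)
    buf += struct.pack("!6H", 0x1234, 0x8000, 1, 0, n_servers, glue)  # header
    encode_name(qname, buf, offsets)
    buf += struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    hosts = [f"{chr(ord('a') + i)}.nic.{zone}" for i in range(n_servers)]  # constructed names
    for h in hosts:  # authority section: NS records
        add_rr(buf, offsets, zone, 2, lambda b, h=h: encode_name(h, b, offsets))
    for h in hosts:  # additional section: glue addresses (zeroed placeholders)
        add_rr(buf, offsets, h, 1, lambda b: b.extend(bytes(4)))
        if with_aaaa:
            add_rr(buf, offsets, h, 28, lambda b: b.extend(bytes(16)))
    return len(buf)

def max_servers(with_aaaa):
    """Largest server count whose complete referral still fits in UDP_LIMIT."""
    n = 0
    while n < 26 and referral_size(n + 1, with_aaaa) <= UDP_LIMIT:
        n += 1
    return n

if __name__ == "__main__":
    for aaaa in (False, True):
        n = max_servers(aaaa)
        print(f"AAAA glue={aaaa}: {n} servers, {referral_size(n, aaaa)} bytes")
```

With these constructed names each additional server costs 32 bytes with A glue only and 60 bytes with A and AAAA glue, so adding AAAA records roughly halves the number of servers that fit.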