[address-policy-wg] 2008-05 Anycast for DLV zones

On 22 Apr 2009, at 08:27, Florian Weimer wrote:

> Should critical DNS infrastructure include DLV zones for public use?

No. Absolutely not. DLV is not critical to the operation of the  
Internet. [IMO it's a short-term hack that will go away once the root  
and/or major TLDs get signed.] The DNS servers for TLDs, and to a  
lesser extent, the Tier-1 ENUM delegations are critical. If they went  
away, everyone would immediately notice that. If a DLV zone's DNS  
servers fail, an insignificant number of people would notice. DLV  
users are a fraction of the tiny number of people using DNSSEC today.

Another point: anyone can set themselves up a DLV provider. So if  
arbitrary DLV operators were able to get anycast allocations, this  
would be a good way of depleting the remaining IPv4 space. At least  
there's a finite number of TLD and Tier-1 ENUM delegations which are  
underpinned by "official" registries and procedures for obtaining/ 
managing them. This is not the case for DLV providers (if I can use  
that vague term).

Oh and what happens when the next flavour-of-the-month DNSSEC  
validation hack comes along? Should the policy be modified to  
accommodate that too??

BTW I am also uncomfortable with attempts to shore up DLV or to make  
it more permanent. That takes resources away from getting DNSSEC  
properly deployed by having the root and TLDs signed.