Re: [apnic-talk]Re: [APNIC Members][Apnic-announce] APNIC POPs and Root Server Trial

To: rolandom@info.com.ph
Subject: Re: [apnic-talk]Re: [APNIC Members][Apnic-announce] APNIC POPs and Root Server Trial
From: Joe Abley <jabley@isc.org>
Date: Wed, 7 May 2003 23:21:52 -0400
Cc: apnic-talk@apnic.net
In-reply-to: <a347cf3b.cf3ba347@pldtprv.net>
List-archive: <http://www.apnic.net/mailing-lists/apnic-talk/>
List-help: <mailto:apnic-talk-request@lists.apnic.net?subject=help>
List-id: General discussions on APNIC <apnic-talk.lists.apnic.net>
List-post: <mailto:apnic-talk@lists.apnic.net>
List-subscribe: <http://mailman.apnic.net/mailman/listinfo/apnic-talk>,<mailto:apnic-talk-request@lists.apnic.net?subject=subscribe>
List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/apnic-talk>,<mailto:apnic-talk-request@lists.apnic.net?subject=unsubscribe>
Sender: apnic-talk-admin@lists.apnic.net

Hi Roland,

On Wednesday, May 7, 2003, at 20:29 Canada/Eastern, rolandom@info.com.ph wrote:

Hi, this is roland marasigan of infocom (philippines). What benefit/s
we are going to get once we have this server ?

There are three principal benefits for an ISP in having access to a local root nameserver:

1. self-sufficiency -- resolvers will continue to function in a predictable way even during a loss of international connectivity, since they have a local root nameserver they can talk to,

2. performance -- resolvers will have a much lower latency (and, often, a less congested) path to a local root nameserver than to a root nameserver reachable across an ocean. This improves the average speed of DNS resolution, since recursive queries aimed at the root will get answered more quickly, and

3. resilience -- if a denial-of-service attack is launched at the F root nameserver in some other part of the world, the traffic will land at a different instance of F and hence the local community will not see any effects of the attack. Conversely, a locally-originated attack will hit just the local F root node, and leave the rest of the world's F root nameservice unaffected. This makes the root nameserver complex as a whole more resilient.

There is an additional indirect benefit for the operator in that having a distributed set of sinks for attack traffic makes it easier for the root server operator to identify the source of an attack. The quicker the source of an attack can be identified, the sooner the attack can be stopped.

I wrote up a description of the general approach we're taking with this, if you're interested in the routing details:

http://www.isc.org/tn/isc-tn-2003-1.html

Each local F root nameserver node we deploy serves a particular region of the Internet, and not the whole world (that's the "hierarchical" bit in that document), so you need to be in reasonable network proximity to one of these new F root nodes before you will gain benefit from it. Normally that means either peering directly with the F root node over an exchange point (e.g. the HKIX in Hong Kong), or being a customer of someone who does (or their customer, etc).

We (Internet Software Consortium) are doing our best to deploy lots of remote F root nodes around the world, so that the chances of being within range of a local F root node are good. In the Asia Pacific region we are working with APNIC to make this happen.

Joe

References:
- [apnic-talk]Re: [APNIC Members][Apnic-announce] APNIC POPs and Root Server Trial
  - From: rolandom@info.com.ph

Prev by Date: [apnic-talk]Re: [APNIC Members][Apnic-announce] APNIC POPs and Root Server Trial
Next by Date: [apnic-talk]Networking South Asia Fellowships now open
Previous by thread: [apnic-talk]Re: [APNIC Members][Apnic-announce] APNIC POPs and Root Server Trial
Next by thread: [apnic-talk]Networking South Asia Fellowships now open
Index(es):
- Date
- Thread