[Afpif] peer config to use root DNS anycast instances at an IXP
Dr P Nyirenda
paulos at sdnp.org.mw
Fri Jan 1 12:11:33 UTC 2021
Happy new year 2021, am previledged to send you the first message on this AF-IX mailing
list :-), hope we have good discussions in 2021
As the operator for the Malawi IXP (MIX), we have received a query from one or two ISPs on
how to configure the ISP networks peering at the MIX so that they can use the anycast DNS
root server instance at the MIX
With the help of PCH we operate d.root-servers.net and e.root-servers.net or D and E root
DNS anycast instances at the MIX.
How should an ISP peering at the MIX configure its DNS to use the D and E root DNS
instances at the MIX for it and its clients?
For example if I do a dig +trace like the one copied here below, you will see that my dig query
was answered by c.root-servers.net which is at least 160ms away which is not the nearest
DNS root server instance at the MIX
Our understanding is that the nearest is d.root-server.net or e.root-servers.net as run by
PCH which as you can see from the ping results also here below are around only 5ms away
should have attended to or answered this query, but it did not.
So, why does this DNS dig query not use the nearby d.root-servers.net or the nearest
e.root-server.net that PCH is running at the MIX?
How can we configure DNS at the ISPs or peers at the MIX to use the D or E root server
instances as run by PCH at the MIX?
I have tried to send this query to PCH but so far there has been no answer. I hope you can
help with a detailed answer.
Regards,
Paulos
=============================
Dr Paulos B Nyirenda
NIC.MW & .mw ccTLD
http://www.nic.mw
SDNP: http://www.sdnp.org.mw
Tel: +265-(0)-882 089 166
Cell: +265-(0)-888-824787
WhatsApp: +265-(0)-887386433
[paulos at domwe ~]$ dig +trace fred.nic.cz any
; <<>> DiG 9.9.3-rl.156.01-P1-RedHat-9.9.3-3.P1.fc17 <<>> +trace fred.nic.cz any
;; global options: +cmd
. 517163 IN NS c.root-servers.net.
. 517163 IN NS m.root-servers.net.
. 517163 IN NS a.root-servers.net.
. 517163 IN NS d.root-servers.net.
. 517163 IN NS e.root-servers.net.
. 517163 IN NS h.root-servers.net.
. 517163 IN NS g.root-servers.net.
. 517163 IN NS f.root-servers.net.
. 517163 IN NS l.root-servers.net.
. 517163 IN NS j.root-servers.net.
. 517163 IN NS b.root-servers.net.
. 517163 IN NS i.root-servers.net.
. 517163 IN NS k.root-servers.net.
;; Received 811 bytes from 196.45.190.9#53(196.45.190.9) in 626 ms
cz. 172800 IN NS d.ns.nic.cz.
cz. 172800 IN NS b.ns.nic.cz.
cz. 172800 IN NS a.ns.nic.cz.
cz. 172800 IN NS c.ns.nic.cz.
cz. 86400 IN DS 20237 13 2
CFF0F3ECDBC529C1F0031BA1840BFB835853B9209ED1E508FFF48451 D7B778E2
cz. 86400 IN RRSIG DS 8 1 86400 20210103050000 20201221040000
26116 . 0qIMZ74CtKJhxytWQd4Ox+ma4U5aUotYSWnBYDJB0bFxjK7uIL9RsILb
+yk78V7t1cZjPxz0dLLSD781VuY5O7qif48rZov/TOo7eMooy4pHArZG
cqEQq7saFAMfpHriTlzpR+Fhtec3fgTRnKBUbU7toWs7uGUcf09875a+
0WGsx8hM4ID6qMA8ADUtapvc3MHbsd3t4pYz+jA016pwdnkJiOEhlm2l
YyQK7BPYDswAawFnYIHbdwVIaenYmsIo3zPkaQgQIzNNTQArmnK8kCI/
pA/ABMDtYqJEy/GYa8zP6IHmzOYWF7CN07x9kQipRDFB4RBY1MdXS9jL OqLRQw==
;; Received 618 bytes from 192.33.4.12#53(c.root-servers.net) in 796 ms
fred.nic.cz. 1800 IN RRSIG AAAA 13 3 1800 20210103182515
20201220165515 44434 nic.cz.
0Y8kKgQyzylIwq4foh4hkWrBuj9JgSmjsu2sawmKyp9kixPn+1B/yfpd
rOkjWBYqBFUunM9lvMa/7J4D6uC66g==
fred.nic.cz. 1800 IN AAAA 2001:1488:800:400::2:174
fred.nic.cz. 1800 IN RRSIG MX 13 3 1800 20210103182515 20201220165515
44434 nic.cz. XzM7JC5pozXzq0xYoP75UOYRL9izlgaRerql70WY0NVle+rbbO53qneB
15J2Arvssu03rLIahZcv1nvdsZvjng==
fred.nic.cz. 1800 IN MX 10 mail.nic.cz.
fred.nic.cz. 1800 IN RRSIG A 13 3 1800 20210103182515 20201220165515
44434 nic.cz. ZuTAZOfbeS62hZzf8k4zUFFrDtsN9X0hHDES3HHL9ay59ZOJOAFDt6dE
awdoXUHmUKkAEfQIVw19/xPKERtf4g==
fred.nic.cz. 1800 IN A 217.31.204.174
nic.cz. 1800 IN NS b.ns.nic.cz.
nic.cz. 1800 IN NS a.ns.nic.cz.
nic.cz. 1800 IN NS d.ns.nic.cz.
nic.cz. 1800 IN RRSIG NS 13 2 1800 20210103182515 20201220165515
44434 nic.cz. ZMG1PaPmjqEKkSzmS7jlo6rv9zajhGuS0RqgJlLD7aIWDQz2viqWU6T/
K6ULCNgGJ9hwK2PDWnkhexct8JQ5LQ==
;; Received 1148 bytes from 193.29.206.1#53(d.ns.nic.cz) in 151 ms
[paulos at domwe ~]$
[paulos at domwe ~]$ ping d.root-servers.net
PING d.root-servers.net (199.7.91.13) 56(84) bytes of data.
64 bytes from d.root-servers.net (199.7.91.13): icmp_req=1 ttl=57 time=5.19 ms
64 bytes from d.root-servers.net (199.7.91.13): icmp_req=2 ttl=57 time=4.95 ms
64 bytes from d.root-servers.net (199.7.91.13): icmp_req=3 ttl=57 time=4.84 ms
^C
--- d.root-servers.net ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 4.840/4.995/5.190/0.166 ms
[paulos at domwe ~]$
[paulos at domwe ~]$
[paulos at domwe ~]$ ping e.root-servers.net
PING e.root-servers.net (192.203.230.10) 56(84) bytes of data.
64 bytes from e.root-servers.net (192.203.230.10): icmp_req=1 ttl=57 time=5.02 ms
64 bytes from e.root-servers.net (192.203.230.10): icmp_req=2 ttl=57 time=5.03 ms
64 bytes from e.root-servers.net (192.203.230.10): icmp_req=3 ttl=57 time=4.85 ms
64 bytes from e.root-servers.net (192.203.230.10): icmp_req=4 ttl=57 time=4.98 ms
^C
--- e.root-servers.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 4.857/4.974/5.030/0.085 ms
[paulos at domwe ~]$
[paulos at domwe ~]$
[paulos at domwe ~]$ ping c.root-servers.net
PING c.root-servers.net (192.33.4.12) 56(84) bytes of data.
64 bytes from c.root-servers.net (192.33.4.12): icmp_req=1 ttl=50 time=164 ms
64 bytes from c.root-servers.net (192.33.4.12): icmp_req=2 ttl=50 time=164 ms
64 bytes from c.root-servers.net (192.33.4.12): icmp_req=3 ttl=50 time=164 ms
64 bytes from c.root-servers.net (192.33.4.12): icmp_req=4 ttl=50 time=164 ms
^C
--- c.root-servers.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 164.428/164.555/164.754/0.512 ms
[paulos at domwe ~]$
--
This email has been checked for viruses by AVG.
https://www.avg.com
More information about the Afpif
mailing list