[Afpif] [af-ix] peer config to use root DNS anycast instances at an IXP

Dr P Nyirenda paulos at sdnp.org.mw
Tue Jan 5 16:14:59 UTC 2021 

On 5 Jan 2021 at 12:52, Nishal Goburdhan wrote:

> ...
> to be clear, PCH does not operate any DNS Root services.  we provide 
> neutral infrastructure (ie. the "bare metal" service) that DNS 
> service providers use, to themselves operate and provide DNS services to 
> peering participants at exchanges that we connect to.  the choice to 
> "go live" at an IX is almost always a decision that the DNSOp makes. 
>   some (like Quad9, D-Root) are happy to turn up anywhere;  others are 
> more calculated in their deployments.
> ...

Thank you for finally clearing this up, we have been asking for clarification on this for some 
time, initially at the SADC IXP meeting in October 2019 and more recently through direct 
e-mail to PCH which was not replied to.

I see this on our network
[paulos at mudi ~]$ dig @e.root-servers.net hostname.bind txt ch +short
"p02.blz.eroot"
[paulos at mudi ~]$ dig @d.root-servers.net hostname.bind txt ch +short
"btmw2.droot.maxgigapop.net"
[paulos at mudi ~]$

and so it appears that E root instance is active on our Malawi IXP (MIX) but am not sure if the 
D root instance in the result also is, please clarify or confirm.

I was aware that no speciall DNS config is required at the IXP peers to use the DNS root 
server instances at the MIX but I am happy that I asked this question over this mailing list, it 
has provided many insights and data on our operations that I was not fully aware of, thanks to 
the many that have responded on it and those that have pointed us to additional data.

A recent study by National Statiscal Office in Malawi released just 3 weeks ago shows that 
97% os Malawians access the Internet by mobile phone. Both the mobile operatorts in 
Malawi are peering at the MIX and they are the ones who are at the fore front of raising this 
query that they were not benefiting from the D and E root DNS instances reportedly at the 
MIX on PCH machines. I will have further chats with them on how they can optmise. 

Thanks to everyone for the active discussion.

Regards,

Paulos
=============================
Dr Paulos B Nyirenda
NIC.MW & .mw ccTLD 
http://www.nic.mw
SDNP: http://www.sdnp.org.mw
Tel:  +265-(0)-882 089 166
Cell: +265-(0)-888-824787
WhatsApp: +265-(0)-887386433



On 5 Jan 2021 at 12:52, Nishal Goburdhan wrote:

> On 1 Jan 2021, at 14:11, Dr P Nyirenda wrote:
> 
> > Happy new year 2021, am previledged to send you the first message on 
> > this AF-IX mailing
> > list :-), hope we have good discussions in 2021
> 
> [hat = PCH]
> 
> hi doc paulos  (and list)
> all the best for you for 2021.
> 
> > As the operator for the Malawi IXP (MIX), we have received a query 
> > from one or two ISPs on
> > how to configure the ISP networks peering at the MIX so that they can 
> > use the anycast DNS
> > root server instance at the MIX
> >
> > With the help of PCH we operate d.root-servers.net and 
> > e.root-servers.net or D and E root
> > DNS anycast instances at the MIX.
> 
> to be clear, PCH does not operate any DNS Root services.  we provide 
> neutral infrastructure (ie. the "bare metal" service) that DNS 
> service providers use, to themselves operate and provide DNS services to 
> peering participants at exchanges that we connect to.  the choice to 
> "go live" at an IX is almost always a decision that the DNSOp makes. 
>   some (like Quad9, D-Root) are happy to turn up anywhere;  others are 
> more calculated in their deployments.
> 
> 
> > How should an ISP peering at the MIX configure its DNS to use the D 
> > and E root DNS
> > instances at the MIX for it and its clients?
> 
> sorry if i missed this;  we actually have a document that explains this, 
> and i´ve attached that to this message.  it hasn´t been updated in a 
> bit (*blush*) but it should still explain what you´re asking about.  
> i´ve made a note to add in some new content.
> 
> in general, the short answer is that the ISP does not need to do 
> anything other than simply peer with PCH (or, peer with the BGP 
> route-server service if this is available at the IX).  a common source 
> of confusion when people think about anycast, is that they think that 
> anycast is a DNS function.  it is not.  anycast is a *network* 
> "trick" that is used to bring a resource closer network-wise.  and 
> because it is a network trick, the services (eg. DNS) team don´t need 
> to do anything, because the network routes to the closest resource.
> 
> of course, the ISP needs to use in-country DNS services.  it doesn´t 
> help if there are DNS resources locally available, but ISPs/end-users 
> are forcing their DNS config to use services that are not in-country.
> 
> i´m happy to add more context/answer more questions here, or off-list. 
>   and to those IXPs that do not yet have a PCH DNS node, or, have not 
> yet been contacted by gael/sara/myself (ie. we do not yet have you in 
> our queue) please feel free to ping us at outreach-list at pch.net.
> 
> -n.



-- 
This email has been checked for viruses by AVG.
https://www.avg.com

More information about the Afpif mailing list