[cctld-discuss] .MX now uses anycast in its secondaries

["Oscar A. Robles-Garay" <orobles@nic.mx>]

In NIC.MX we just finished a project for the .MX DNS Secondaries, which
consisted in the implementation of IPv4 anycast scheme (Shared Unicast),
now used in the root severs F and K.

This implementation allow us to manage redundancy in the DNS secondaries
for .MX, but above all, this give us full control for the DNS service,
making more robust the technological infrastructure.

Our implementation followed the recommendations in RFC 3258, but also has
the following characteristics:

• Three different DNS implementations (one commercial)
• 7x24 contract for all the servers
• Firewall and security measures on all the servers
• Full zone transfer and reloading lower than 15 secs
• DNS Zones located in Memory File System to reduce the possibility of outflow of information in case of hardware removal.
• Routing service running in the same server allowing automatic server disconnection from the Internet should a problem prevents it to respond queries.
• Full statistics processing that allow us identify requesting networks that require more resources from our DNS system.
• Time synchronization in all servers.
• Full control of our DNS system (hardware and software).
• Easy to include one more server to the pool of secondaries (there is no need to request IANA update).
• Topological load balancing.
• Secure Zone Transfer.

This design and implementation has been done in all its extent by NIC
Mexico staff and now its been working properly since a month ago,
answering for more than 120 million .MX queries a day.

We are very proud of this pioneer implementation on ccTLDs.

Regards,

Oscar Robles
.MX