DNS Scaling issues

McTim mctim at BUSHNET.NET
Mon Oct 26 06:48:04 CET 2009


Hello Jorge,

On Mon, Oct 26, 2009 at 6:35 AM, Jorge Amodio <jmamodio at gmail.com> wrote:
> Also having the query being satisfied via TCP will potentially break
> the use of ANYCAST as the
> mechanism that enables to have replicated "mirror" root servers around
> the world.

Well, Anycast servers do respond to TCP DNS queries, but UDP simplifies
things re: bandwidth and other issues.

The main takeaway from the root scaling study report for me was that
the proposed changes to the root are multiplicative in nature, and not
simply additive, so do the big one first:


"If adding a TLD to a normal zone means a growth factor of 1.0, adding
the same name to a zone that is signed with DNSSEC could mean a 4 times
bigger change to the zone than if it wasn’t signed. If a TLD is added to
an unsigned zone, but with IPv6 records for its name servers, the change
may be 1.25 times what it was without IPv6. If you add the TLD, with
IPv6, to a zone that is signed with DNSSEC, the growth will be
1.25 x 4 = 5 times the base example.

Following this line of reasoning, it is desirable to add changes that
have a sudden and large impact on the root zone as early as possible,
whereas more gradual changes can be added at later stages, as the
absolute numbers can be kept low by the effects of the rate limiting.
As DNSSEC represents the most pronounced “step,” it would seem prudent
to add DNSSEC to the root zone before any steps to increase the size by
adding substantial amounts of new names are taken."


-- 
Cheers,

McTim
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there."  Jon Postel


More information about the Ncuc-discuss mailing list