DNS Scaling issues

Jorge Amodio jmamodio at GMAIL.COM
Mon Oct 26 04:35:53 CET 2009


I received a question from Rafik that I believe interesting to share
my answer with the rest of the
NCUC crowd.

Question from Rafik (via FB)
>Hi Jorge,
>
>it is plenty of lawyers here , I am not sure that they understand technical side. almost discussion
> are about trademark, trademark and trademark.
>wil be glad to know your feedback (technical)
>
>Rafik

yes way too many lawyers over there.

>From the technical side, the first thing you must know is that the
three reports which are connected
are not conclusive.

One of the reports deal with how the technology scales or not, that's
the OARC report
(Root Zone Augmentation and Impact Analysis), which shows that servers
running BIND or NSD may
be able to scale swiftly but there are some breaking points where
memory and concurrent number of
processes running on the servers could produce problems.

There are also some issues related to server load and additional
traffic growth based on the increase in
size of the dns query responses that exceed 512 bytes due or
additional IPv6 glue records or
DNSSEC information.

Users sending queries for which the answer will exceed 512 bytes and
are not able to receive that
response via UDP will revert to TCP, this has the side effect that now
the query has to establish
a full TCP handshake, taking more processor time/memory and additional
network traffic, this not
only will increase the delay to obtain the response but also will put
more load on the servers and
on the network. And the studies are preliminary since there is not yet
a conclusive study that shows
how the entire system will behave when DNSSEC is fully deployed.

Also having the query being satisfied via TCP will potentially break
the use of ANYCAST as the
mechanism that enables to have replicated "mirror" root servers around
the world.

The second report, or the "TNO Report"  (by the folks from
Netherlands) only describes the model has
been used to forecast and try to put together a systematic model to
simulate the DNS root,
but it is just that a description of the model and unfortunatelly
given the short time these
guys had to do their job the report states:
"Given the time frame of the root scalability study, there was barely
time to perform scalability analysis
with the model. However, for purpose of model validation and to
illustrate typical use of the
simulation model several numerical cases were simulated."

The last report, and most important one is the report of the Root
Scaling Study Team known
as the "Report on the Impact on the DNS Root System", which also
address many aspects
of scalability but in particular how the associated processes (like
dealing with VeriSign, IANA,
root operators, DoC, etc) scale or not.

One of the important topics on this report (and you can talk more
about it over there with
Patrik Fältström) is that the recommendation is that we need to
introduce all these changes
to the root zone in a gradual manner and have the tools to monitor and
analyze the impact
of each change since all the previous experience has been based on the
concept that the
root zone is something in the system that has been stable and without
major changes, and
the problem is not just adding the new TLDs, is how the processes and
the overall system
will react when we are required to update/remove/change entries in the
root zone in a
more dynamic fashion with many thousands or hundreds of thousand new TLDs.
Some changes will be driven by the technology, such as DNSSEC that
will require changing
keys, signatures, etc.

Because of the rush and pressure of the moment, many years ago we
missed the opportunity
to nail the baseline metrics and study the overal system before the
"proof of concept" TLDs
where added to the root zone.

This is the information that now the SSAC is digesting but there is a
lot of work to do
to put together a summary report and reach a more conclusive analysis.
So far the best
advice seems to be "PROCEED WITH CAUTION".

The lawyers need to understand that this is a real concern and not
just a trick to delay the
introduction of new gTLDs.

Feel free to ask if you need more specifics or have any questions.

Here are the links to the three related reports:

Root Zone Augmentation and Impact Analysis:
http://www.icann.org/en/topics/ssr/root-zone-augementation-analysis-17sep09-en.pdf

TNO report - Root Scaling Study
Description of the DNS Root Scaling Model:
http://www.icann.org/en/committees/dns-root/root-scaling-model-description-29sep09-en.pdf

Scaling the Root - Report on the Impact on the DNS Root System
of Increasing the Size and Volatility of the Root Zone:
http://www.icann.org/en/committees/dns-root/root-scaling-study-report-31aug09-en.pdf

Regards
Jorge


More information about the Ncuc-discuss mailing list