DNS Scaling issues
Jorge Amodio
jmamodio at GMAIL.COM
Mon Oct 26 13:39:24 CET 2009
Claro que si Sergio,
mas tarde te preparo un resumen en español y te lo envio directamente a tu
direccion.
Saludos
Jorge
On Mon, Oct 26, 2009 at 7:10 AM, INFO Internauta <info at internauta.org.ar> wrote:
> Español:
> Estimado Jorge podrías mandar tu resumen en español para poder compartirlo
> con los visitantes de nuestro portal en Argentina y los de las distintas
> organizaciones de usuarios integrantes en FLUI (Federación Latinoaméricana
> de Usuarios de Internet)?
> Gracias de antemano!
>
> English:
> Dear Jorge could send your resume in Spanish to share with visitors to our
> website in Argentina and the various user organizations in FLUI members
> (Latin American Federation of Internet users)?
> Thanks in advance!
>
> Sergio Salinas Porto
> presidente
> Internauta Argentina
> Asociación Argentina de Usuarios de Internet
> http://www.internauta.org.ar
>
>
>
> de ----- Original Message ----- From: "Jorge Amodio" <jmamodio at GMAIL.COM>
> To: <NCUC-DISCUSS at LISTSERV.SYR.EDU>
> Sent: Monday, October 26, 2009 12:35 AM
> Subject: DNS Scaling issues
>
>
> I received a question from Rafik that I believe interesting to share
> my answer with the rest of the
> NCUC crowd.
>
> Question from Rafik (via FB)
>>
>> Hi Jorge,
>>
>> it is plenty of lawyers here , I am not sure that they understand
>> technical side. almost discussion
>> are about trademark, trademark and trademark.
>> wil be glad to know your feedback (technical)
>>
>> Rafik
>
> yes way too many lawyers over there.
>
> From the technical side, the first thing you must know is that the
> three reports which are connected
> are not conclusive.
>
> One of the reports deal with how the technology scales or not, that's
> the OARC report
> (Root Zone Augmentation and Impact Analysis), which shows that servers
> running BIND or NSD may
> be able to scale swiftly but there are some breaking points where
> memory and concurrent number of
> processes running on the servers could produce problems.
>
> There are also some issues related to server load and additional
> traffic growth based on the increase in
> size of the dns query responses that exceed 512 bytes due or
> additional IPv6 glue records or
> DNSSEC information.
>
> Users sending queries for which the answer will exceed 512 bytes and
> are not able to receive that
> response via UDP will revert to TCP, this has the side effect that now
> the query has to establish
> a full TCP handshake, taking more processor time/memory and additional
> network traffic, this not
> only will increase the delay to obtain the response but also will put
> more load on the servers and
> on the network. And the studies are preliminary since there is not yet
> a conclusive study that shows
> how the entire system will behave when DNSSEC is fully deployed.
>
> Also having the query being satisfied via TCP will potentially break
> the use of ANYCAST as the
> mechanism that enables to have replicated "mirror" root servers around
> the world.
>
> The second report, or the "TNO Report" (by the folks from
> Netherlands) only describes the model has
> been used to forecast and try to put together a systematic model to
> simulate the DNS root,
> but it is just that a description of the model and unfortunatelly
> given the short time these
> guys had to do their job the report states:
> "Given the time frame of the root scalability study, there was barely
> time to perform scalability analysis
> with the model. However, for purpose of model validation and to
> illustrate typical use of the
> simulation model several numerical cases were simulated."
>
> The last report, and most important one is the report of the Root
> Scaling Study Team known
> as the "Report on the Impact on the DNS Root System", which also
> address many aspects
> of scalability but in particular how the associated processes (like
> dealing with VeriSign, IANA,
> root operators, DoC, etc) scale or not.
>
> One of the important topics on this report (and you can talk more
> about it over there with
> Patrik Fältström) is that the recommendation is that we need to
> introduce all these changes
> to the root zone in a gradual manner and have the tools to monitor and
> analyze the impact
> of each change since all the previous experience has been based on the
> concept that the
> root zone is something in the system that has been stable and without
> major changes, and
> the problem is not just adding the new TLDs, is how the processes and
> the overall system
> will react when we are required to update/remove/change entries in the
> root zone in a
> more dynamic fashion with many thousands or hundreds of thousand new TLDs.
> Some changes will be driven by the technology, such as DNSSEC that
> will require changing
> keys, signatures, etc.
>
> Because of the rush and pressure of the moment, many years ago we
> missed the opportunity
> to nail the baseline metrics and study the overal system before the
> "proof of concept" TLDs
> where added to the root zone.
>
> This is the information that now the SSAC is digesting but there is a
> lot of work to do
> to put together a summary report and reach a more conclusive analysis.
> So far the best
> advice seems to be "PROCEED WITH CAUTION".
>
> The lawyers need to understand that this is a real concern and not
> just a trick to delay the
> introduction of new gTLDs.
>
> Feel free to ask if you need more specifics or have any questions.
>
> Here are the links to the three related reports:
>
> Root Zone Augmentation and Impact Analysis:
> http://www.icann.org/en/topics/ssr/root-zone-augementation-analysis-17sep09-en.pdf
>
> TNO report - Root Scaling Study
> Description of the DNS Root Scaling Model:
> http://www.icann.org/en/committees/dns-root/root-scaling-model-description-29sep09-en.pdf
>
> Scaling the Root - Report on the Impact on the DNS Root System
> of Increasing the Size and Volatility of the Root Zone:
> http://www.icann.org/en/committees/dns-root/root-scaling-study-report-31aug09-en.pdf
>
> Regards
> Jorge
>
More information about the Ncuc-discuss
mailing list