nanog mailing list archives
RE: VeriSign's rapid DNS updates in .com/.net (fwd from ml)
From: Sam Stickland <sam_ml () spacething org>
Date: Thu, 22 Jul 2004 18:27:22 +0100 (BST)
I got forwarded this URL from Patrick McManus. I haven't had a chance to read the paper myself yet so I won't comment on it. I've included the link and the abstract below. A choice quote is "these results suggest that the performance of DNS is not as dependent on aggressive caching as is commonly believed, and that the widespread use of dynamic, low-TTL A-record bindings should not degrade DNS performance."

http://nms.lcs.mit.edu/papers/dns-imw2001.html

Abstract:

This paper presents a detailed analysis of traces of DNS and associated TCP traffic collected on the Internet links of the MIT Laboratory for Computer Science and the Korea Advanced Institute of Science and Technology (KAIST). The first part of the analysis details how clients at these institutions interact with the wide-area DNS system, focusing on performance and prevalence of failures. The second part evaluates the effectiveness of DNS caching.

In the most recent MIT trace, 23% of lookups receive no answer; these lookups account for more than half of all traced DNS packets since they are retransmitted multiple times. About 13% of all lookups result in an answer that indicates a failure. Many of these failures appear to be caused by missing inverse (IP-to-name) mappings or NS records that point to non-existent or inappropriate hosts. 27% of the queries sent to the root name servers result in such failures.

The paper presents trace-driven simulations that explore the effect of varying TTLs and varying degrees of cache sharing on DNS cache hit rates. The results show that reducing the TTLs of address (A) records to as low as a few hundred seconds has little adverse effect on hit rates, and that little benefit is obtained from sharing a forwarding DNS cache among more than 10 or 20 clients. These results suggest that the performance of DNS is not as dependent on aggressive caching as is commonly believed, and that the widespread use of dynamic, low-TTL A-record bindings should not degrade DNS performance.
Sam

On Thu, 22 Jul 2004, Sam Stickland wrote:

I think I ought to qualify my earlier email - I certainly didn't mean to suggest that this would happen. I meant to merely comment on what the expected increase in load might be if we did see a trend towards lower TTLs.

Any trend towards lower TTLs would be outside of Verisign's control anyhow, and if it did happen, it would no doubt be a gradual effect.

Which brings me back to my original question - does anyone know of any statistics for TTL values?

Sam

On Thu, 22 Jul 2004, Henry Linneweh wrote:

Before a big panic starts, they can restore it back to the way it was if there is an event of such proportion to totally hoze the entire network or any major portion of it, until they fix any major issue with these changes....

-Henry

--- Sam Stickland <sam_ml () spacething org> wrote:

Well, a naive calculation, based on reducing the TTL to 15 mins from 24 hours to match Verisign's new update times, would suggest that the number of queries would increase by (24 * 60) / 15 = 96 times? (or twice that if you factor in for the Nyquist interval).

Are there any resources out there that have information on global DNS statistics? ie. the average TTL currently in use.

But I guess it remains to be seen if this will have a knock on effect like that described below. Verisign are only doing this for the nameserver records at present time - it just depends on whether expectation for such rapid changes gets pushed on down.

Sam

On Thu, 22 Jul 2004, Ray Plzak wrote:

Good point! You can reduce TTLs to such a point that the servers will become preoccupied with doing something other than providing answers.

Ray

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Daniel Karrenberg
Sent: Thursday, July 22, 2004 3:12 AM
To: Matt Larson
Cc: nanog () merit edu
Subject: Re: VeriSign's rapid DNS updates in .com/.net

Matt, others,

I am quite concerned about these zone update speed improvements because they are likely to result in considerable pressure to reduce TTLs **throughout the DNS** for little to no good reason.

It will not be long before the marketeers will discover that they do not deliver what they (implicitly) promise to customers in case of **changes and removals** rather than just additions to a zone.

Reducing TTLs across the board will be the obvious *solution*.

Yet, the DNS architecture is built around effective caching!

Are we sure that the DNS as a whole will remain operational when (not if) this happens in a significant way? Can we still mitigate that trend by education of marketeers and users?

Daniel
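
Added example, not part of the thread or of the MIT paper: a small cache model showing when the (24 * 60) / 15 = 96 multiplier from the message above actually applies to a caching resolver's upstream load. The periodic client arrivals and the name population are constructed assumptions, not measured data.

```python
DAY = 24 * 60 * 60
OLD_TTL = DAY          # 24 hours, as in the thread
NEW_TTL = 15 * 60      # 15 minutes, as in the thread
WINDOW = 7 * DAY       # observation window (assumption)


def cache_misses(arrivals, ttl):
    """Count upstream lookups a caching resolver makes for one name.

    A client query that arrives after the cached record expired is a
    miss; it triggers one upstream lookup and restarts the TTL clock.
    """
    misses, expires = 0, None
    for t in arrivals:
        if expires is None or t >= expires:
            misses += 1
            expires = t + ttl
    return misses


def load_ratio(interval, window=WINDOW):
    """Upstream load at NEW_TTL relative to OLD_TTL for one name that
    clients ask for every `interval` seconds (constructed arrivals)."""
    arrivals = range(0, window, interval)
    return cache_misses(arrivals, NEW_TTL) / cache_misses(arrivals, OLD_TTL)


# Constructed population: {client query interval in seconds: number of names}.
# A few hot names, many names that are asked for rarely.
POPULATION = {60: 10, 3600: 100, DAY: 1000}


def aggregate_ratio(population=POPULATION, window=WINDOW):
    """Upstream load ratio summed over the whole constructed population."""
    old = new = 0
    for interval, names in population.items():
        arrivals = range(0, window, interval)
        old += names * cache_misses(arrivals, OLD_TTL)
        new += names * cache_misses(arrivals, NEW_TTL)
    return new / old


if __name__ == "__main__":
    for interval in POPULATION:
        print(f"queried every {interval:>5}s: x{load_ratio(interval):.0f}")
    print(f"whole population: x{aggregate_ratio():.2f}")
```

Only names that clients request at least once per new TTL see the full 96x; a name requested less often than that was already a cache miss most of the time, so lowering its TTL adds little upstream load.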