To:
Roy.Arends@nominum.com
Cc:
randy@psg.com, GILBERT.R.LOOMIS@saic.com, dnssec@cafax.se
From:
Havard Eidnes <he@uninett.no>
Date:
Mon, 01 Oct 2001 10:44:32 +0200 (CEST)
In-Reply-To:
<Pine.BSF.4.33.0109071651530.9498-100000@node10c4d.a2000.nl>
Sender:
owner-dnssec@cafax.se
Subject:
Re: CERTificates and public keys
Hi, please excuse the late answer:

> > I have never quite fathomed why some seem to have an ingrained fear
> > of adding more data to the DNS.
>
> Not the "more" fact, but the "different" fact could be problematic.
> Every unique single lookup starts at root. Consider the load of bogus
> that is already hitting the root-servers. Deployment of different data
> (other classes/new types) should be carefully considered in such that
> it under no circumstances breaks the scale. With scale I mean the
> current growing scale of new data of the same type that root could
> handle.

Even though every unique single lookup starts at the root, that doesn't mean the root name servers see the query, since in adherent-to-spec recursive name servers the upper parts of the name tree will already be cached. Surely the name server would quite seldom need to query one of the root name servers to refresh its information for those parts of the name tree (as dictated by TTLs)?

Therefore, adding a new record type under the IN class should not cause much additional load at the root, especially if you assume that other record types will be queried from the same zone anyway, since the same cached NS record chains would be used to look up the new record type as is used for all the other record types in the IN class.

I'm pretty sure that the bogus queries as seen at the root will neither increase nor decrease simply by introducing a new record type, but would rather suggest that this particular problem has other root causes.

Yes, adding a new class can introduce new and interesting scaling issues. If I've understood correctly, adding a new class makes it possible to add a new set of root name servers, and the name space can (in principle) be separate (though it would probably be a bad idea, if the name space was "similar").

> > 1) the growth of the size of the data would all be at the edges
> > (authoritative servers) or felt at the edges (recursive servers),
> > where resources can relatively easily be scaled up to handle the
> > added demand.
>
> Growth of the size of data is felt at the root first. If it can be scaled
> at root, the branches should have no problem.

I don't follow you. Please explain why adding a new record type in the IN class will automatically increase the load at the root. Assume that clients which query for the new record type usually fetch other record types from the same zones as well (not a wholly unreasonable assumption, I would think).

Regards,

- Håvard
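
The caching argument made in this message, as an added example that is not part of the original mail: a toy model of one recursive resolver that caches delegations by name and counts the queries it sends to each level of the tree. The three-level tree, the two-day NS TTL, the zone names and the query schedule are constructed assumptions, and CERT stands in for "a new record type".

```python
from collections import Counter

NS_TTL = 172800  # assumed TTL (seconds) on delegation NS sets: two days


class Resolver:
    """Toy iterative resolver: delegations are cached by name, never by type."""

    def __init__(self):
        self.cuts = {}         # zone cut -> time its cached NS set expires
        self.sent = Counter()  # upstream queries sent, per level of the tree

    def resolve(self, qname, qtype, now):
        labels = qname.split(".")
        zone_depth = 2         # assumption: every zone is <name>.<tld>
        # Start from the deepest delegation still cached; 0 means root hints.
        depth = 0
        for d in range(zone_depth, 0, -1):
            if self.cuts.get(".".join(labels[-d:]), 0) > now:
                depth = d
                break
        # Walk down, caching each referral. qtype plays no part in this walk.
        while depth < zone_depth:
            self.sent[("root", "tld")[depth]] += 1
            depth += 1
            self.cuts[".".join(labels[-depth:])] = now + NS_TTL
        # The zone's own servers are the only ones that care about qtype.
        # Answers are not cached here, so this is a worst case for the edge.
        self.sent["zone"] += 1


def run(qtypes, hours=120):
    """Query every name for every type in qtypes once an hour (constructed load)."""
    r = Resolver()
    names = [f"www.zone{i}.{tld}" for tld in ("no", "se", "nl") for i in range(20)]
    for h in range(hours):
        for name in names:
            for qtype in qtypes:
                r.resolve(name, qtype, now=h * 3600)
    return r.sent


if __name__ == "__main__":
    for qtypes in (("A",), ("A", "CERT")):
        print(qtypes, dict(run(qtypes)))
```

In this model the extra record type doubles the queries reaching the zones' own servers and leaves the root and TLD counts unchanged, because those are driven only by which names are looked up and when the cached NS sets expire.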