Hello,

> On 29 Feb 2024, at 09:34, Greg Choules via bind-users 
> <bind-users@lists.isc.org> wrote:
> 
> But regarding your comment "It’s not easy for the network to guess the 
> requirements of an application," I would disagree. Traffic classification and 
> setting of DSCP values is something that edge routers have been capable of 
> for decades. I would even argue that this is the place you *want* to do it, 
> rather than trusting what the application itself says it wants.
> 
> If you must do the whole QoS thing at all, use something like a policy-map 
> (other manufacturers are available), match all port 53, set DSCP to an 
> appropriate value for *your* network and prioritise/police as appropriate in 
> the core.

I think the solution is a combination of those things -- the application can 
set DSCP values to indicate to the network how it would like its traffic 
treated.  The network should then apply policies on what it's then happy to 
accept: it may say "I don't care you think this is high priority, I don't and 
I'm going to remark it as 'default'".  That policy can be based on anything: IP 
addresses, port numbers, DSCP values, etc.

In our case, we allow people to mark traffic in certain ways, including a 
'below best efforts' level for things like bulk software installs or data 
transfers, where you want the network to only give it spare bandwidth.  Also, 
in the case of the phone system, certain operations, like firmware updates, are 
not marked as a priority compared to call audio or signalling.

In some cases, this can be determined by the network by looking at port numbers 
but, in other cases (as with our phone system), it's not possible for the 
network to tell the difference as there is no clear separation - only the phone 
systems knows what is what.  Still, at the network level, we might have to fix 
up broken DSCP values, ignore others, etc.  We certainly don't just trust 
everything coming in: if it doesn't match an allowed policy, it gets remarked 
as 'best efforts'.


In this case, however, I don't see the point in this unless certain domain name 
lookups are more (or less) important than others.  If all DNS traffic is to be 
treated specially (compared to other traffic) but the same (as other DNS 
traffic), you can just do it in the OS (iptables et al) or at the network level.

The other point, as someone else made, is that you probably need the queries 
from the clients to be marked appropriately and I suspect most won't be doing 
that, so you'll be fixing those up in the network anyway.


Generally QoS seems to have fallen out of favour as it's easier to solve most 
problems with more bandwidth, and it's not clear what's important anyway (and 
you can often only tell at layer 7), but there are still cases where it's 
necessary.

  - Bob


-- 
Robert Franklin <rc...@cam.ac.uk> / (+44 1223 7) 48479
University Information Services: Network Systems, University of Cambridge
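Both halves of the arrangement described above, as an added example that is not from the list thread: a client that marks its own DNS queries through the IP_TOS socket option, and an edge policy function that honours the marks the network has agreed to accept, fixes up a legacy one, and resets everything else to best effort. The AF21 class for DNS, the 10.10.0.0/16 "phone system" prefix and the CS1-to-LE fix-up are assumptions for illustration, not anything stated in the message.

```python
import socket

# DSCP code points (RFC 2474, 2597, 3246, 8622 values).
CS0 = 0     # default / best effort
LE = 1      # Lower Effort: the "below best efforts" class (RFC 8622)
CS1 = 8     # legacy scavenger mark still emitted by older hosts
AF21 = 18   # class this example assumes for DNS queries
CS3 = 24    # call signalling
EF = 46     # call audio


def tos_from_dscp(dscp):
    """IP TOS / traffic-class byte: DSCP in the top six bits, ECN bits cleared."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    return dscp << 2


def dscp_from_tos(tos):
    return (tos & 0xFF) >> 2


# Edge policy (assumed): marks the network will honour, keyed by destination
# port; the None entry applies to any port.
ALLOWED = {53: {AF21}, 5060: {CS3}, None: {LE}}
# "Broken" marks that get rewritten rather than dropped.
FIXUP = {CS1: LE}
# Source prefix of the phone system (assumed): only it knows audio from
# firmware downloads, so its marks are kept as sent.
TRUSTED_SOURCES = ("10.10.",)


def remark(src_ip, dst_port, dscp):
    """DSCP the network keeps: trusted or allowed marks survive, others -> CS0."""
    if src_ip.startswith(TRUSTED_SOURCES):
        return dscp
    dscp = FIXUP.get(dscp, dscp)
    if dscp in ALLOWED.get(dst_port, set()) or dscp in ALLOWED[None]:
        return dscp
    return CS0


def dns_query_socket(dscp=AF21):
    """UDP socket an application would use for DNS, pre-marked with a DSCP."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, tos_from_dscp(dscp))
    return s


def socket_dscp(sock):
    """Read back the DSCP currently set on a socket."""
    return dscp_from_tos(sock.getsockopt(socket.IPPROTO_IP, socket.IP_TOS))
```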
