Re: [DNSOP] measuring TCP query performance
Date: Wed, 26 Aug 2009 16:39:31 -0500
From: Michael Graff mgr...@isc.org

... since by definition, I always really need stuff.

+1. years ago i tried to differentiate between additional data or authority section data that a requestor could live without, vs. additional data or authority section data that a requestor could not live without. i wanted to not set TC unless the stuff that would not fit was in the answer section or was something from the authority or additional section that a requestor could not live without. i failed utterly to describe this in a way that anybody else could make sense of. i hope someone will try again, rather than falling back to TCP for things that weren't absolutely necessary like in-zone nameserver addresses, or dnssec metadata (if DO=1).

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] measuring TCP query performance
[redirected to DNSOP]

Michael,

On Aug 25, 2009, at 1:50 PM, Michael Graff wrote:

All I'm saying is that I don't want someone to benchmark current DNS implementations (which are likely optimized only for UDP) and then use this as proof that the sky is falling.

What would you prefer us benchmark?

As you're aware, sometime in the near future, the root is going to be signed. Due to the way DNS server implementers interpreted RFC 3225, somewhere around 70% of the queries to the root will result in a DNSSEC response the day the root is signed (regardless of whether the querying resolver will do anything with the data). Based on studies done with DITL data, we have some reason to believe somewhere around 1-2% of the 10,000 queries per second at least one root server receives will fall back to TCP.

While I am certain that the root server ICANN runs can easily handle the load, I do not know about the other root servers (I assume they can, but since they are all run independently and there are no publicly agreed upon standards or service level commitments, it is difficult to be confident) nor do I have the slightest clue about how much head room the other root servers have.

Since time is quite short for folks to upgrade their servers and given some root server operators are financially / operationally / politically constrained in how they would go about doing the upgrade, it seems to me that current DNS implementations are exactly what we should be benchmarking.

Regards,
-drc
Re: [DNSOP] measuring TCP query performance
No hat.

On Wed, Aug 26, 2009 at 04:11:26AM +, Paul Vixie wrote:

since time is short, i would prefer a server-side change, supported by a spec change (which means this would head back to namedroppers@) whereby (bufsize1220 DO=1) would be treated as (DO=0).

Of course, some have argued that this isn't a protocol change anyway. That said,

TCP just because they're probing middlebox PMTU and blindly trying 512.

perhaps part of the problem involves blindly trying. Olafur posted a message from the DNSEXT Chairs today that suggests we (the DNS community) need to unpack that assumption, at least.

A

--
Andrew Sullivan
a...@shinkuro.com
Shinkuro, Inc.