Re: designing the DNS from the scratch

2017-07-10 Thread Leonardo Rodrigues

On 10/07/17 11:12, Matthew Seaman wrote:

> Or you could buy a service from one of a number of DNS service providers
> who provide pretty much exactly what I described.  That will still be
> quite expensive, but not to the extent that it would cause inadvertent
> emission of bodily fluids.

I have been using Amazon AWS Route 53 DNS services and I'm loving
them. The price is really low for the availability I'm experiencing, the
easy management.


--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertru...@solutti.com.br
My SPAMTRAP, do not email it



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: designing the DNS from the scratch

2017-07-10 Thread Matthew Seaman
On 2017/07/10 14:16, Matus UHLAR - fantomas wrote:
>>> But you do know the approximate speed of light in a vacuum?
> 
> there's always dark in my vacuum, so the speed of light doesn't apply
> there.
> 
> On 10.07.17 09:02, wbr...@e1b.org wrote:
>> More importantly, what is the speed of light in a fiberoptic connection?
>> Speed of electrons in copper wire?
> 
> speed of electrical field, which is the same as speed of light.
> electrons are much slower.
> 
> however, the longest distances on earth are about 2km, which requires
> at least 67ms for signal to get there and 133ms to get back.
> in reality there's some small delay on each network device in the path, so
> the 3ms can only be achieved on short distances.
> 

Indeed.  Assuming the OP was talking about providing an authoritative
service -- that is, to allow the rest of the world to look up their
customer's domains -- then if they went back to their customer with a
more realistic target of say a 95th-percentile limit of a sub-50ms RTT
for users in urban North America, Europe, Russia, Japan and other
locations with a well developed Internet infrastructure, that could be
achieved by putting DNS servers in strategically located POPs on each
continent and using anycast routing to direct traffic to the nearest
location.

Which would be eye-wateringly expensive to do for just one client,
unless they needed about as much capacity as a middle-sized ccTLD.

Or you could buy a service from one of a number of DNS service providers
who provide pretty much exactly what I described.  That will still be
quite expensive, but not to the extent that it would cause inadvertent
emission of bodily fluids.

On the other hand, if they were talking about providing a recursive DNS
caching service to allow their customer's servers to look stuff up from
the internet, then a 3ms RTT is not impossible so long as

   * the DNS machines are sufficiently close to the client's machines
 that you can readily achieve sub-3ms ping RTTs between them

   * the 3ms limit *only* applies to responses from cached data.

There's clearly no way you can guarantee <3ms if your recursive server
needs to talk to a machine on the other side of the planet where it
takes at least 200ms just to get packets there and back again.

Cheers,

Matthew





Re: designing the DNS from the scratch

2017-07-10 Thread Matus UHLAR - fantomas

>> But you do know the approximate speed of light in a vacuum?

there's always dark in my vacuum, so the speed of light doesn't apply there.

On 10.07.17 09:02, wbr...@e1b.org wrote:
> More importantly, what is the speed of light in a fiberoptic connection?
> Speed of electrons in copper wire?


speed of electrical field, which is the same as speed of light.
electrons are much slower.

however, the longest distances on earth are about 2km, which requires
at least 67ms for signal to get there and 133ms to get back.
in reality there's some small delay on each network device in the path, so
the 3ms can only be achieved on short distances.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
The only substitute for good manners is fast reflexes. 


Re: designing the DNS from the scratch

2017-07-10 Thread Ray Bellis
On 10/07/2017 14:02, wbr...@e1b.org wrote:

> ~3 x 10**8 m/s
> 
> More importantly, what is the speed of light in a fiberoptic connection? 

~0.66c

> Speed of electrons in copper wire?

Individual electrons move *very* slowly - it's the electric *field* that
moves at between 0.5c and 1c.

https://en.wikipedia.org/wiki/Velocity_factor

cheers,

Ray



Re: designing the DNS from the scratch

2017-07-10 Thread wbrown
> But you do know the approximate speed of light in a vacuum?

~3 x 10**8 m/s

More importantly, what is the speed of light in a fiberoptic connection? 
Speed of electrons in copper wire?





Re: designing the DNS from the scratch

2017-07-09 Thread Sten Carlsen


On 09/07/2017 20:51, Reindl Harald wrote:
>
> On 09.07.2017 at 20:41, Warren Kumari wrote:
>> On Sun, Jul 9, 2017 at 1:59 PM John W. Blue wrote:
>>
>>> Abdulhadi,
>>>
>>> Honestly, I think that a design spec of getting DNS responses in 3ms
>>> across the board is unrealistic.  My initial MX query for litc.ly
>>> took 367ms:
>>
>> Like many poorly written / articulated SLAs, the devil is in the
>> details.
>>
>> I could happily read this as the server / service must respond within
>> 3ms. The OP mentioned VIP, so this could be for auth DNS, in which
>> case responding to a query within 3ms is trivial...
>
> no it is not - at least not if there is an internet connection between
> customer and dns server since you hardly get even a 3 ms ping time
>
> on the server itself yes
>
> frankly even in a local network you end with ;; Query time: 1 msec for
> a "dig NS" and that a nameserver can respond on localhost below that
> is completely worthless
>
Thinking about this, the only solution that seems remotely possible is
to let the customer have the DNS server on his premises. That way all
queries that come from cache could be fast enough. Those it needs to
resolve from the Internet, will take longer time.

The next question is who shall maintain that server on his premises? All
sorts of questions come to mind.

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

   "MALE BOVINE MANURE!!!" 


Re: designing the DNS from the scratch

2017-07-09 Thread Reindl Harald


On 09.07.2017 at 20:41, Warren Kumari wrote:
> On Sun, Jul 9, 2017 at 1:59 PM John W. Blue wrote:
>
>> Abdulhadi,
>>
>> Honestly, I think that a design spec of getting DNS responses in 3ms
>> across the board is unrealistic.  My initial MX query for litc.ly
>> took 367ms:
>
> Like many poorly written / articulated SLAs, the devil is in the details.
>
> I could happily read this as the server / service must respond within
> 3ms. The OP mentioned VIP, so this could be for auth DNS, in which case
> responding to a query within 3ms is trivial...

no it is not - at least not if there is an internet connection between
customer and dns server since you hardly get even a 3 ms ping time

on the server itself yes

frankly even in a local network you end with ;; Query time: 1 msec for a
"dig NS" and that a nameserver can respond on localhost below that is
completely worthless

however, since the OP even don't know if he requires a recursive
resolver or a authoritative server any discussion is pointless unless
the OP is completely re-written based on
http://www.catb.org/esr/faqs/smart-questions.html#beprecise



Re: designing the DNS from the scratch

2017-07-09 Thread Warren Kumari
On Sun, Jul 9, 2017 at 1:59 PM John W. Blue <john.b...@rrcic.com> wrote:

> Abdulhadi,
>
>
>
> Honestly, I think that a design spec of getting DNS responses in 3ms
> across the board is unrealistic.  My initial MX query for litc.ly took
> 367ms:
>
>
>

Like many poorly written / articulated SLAs, the devil is in the details.

I could happily read this as the server / service must respond within 3ms.
The OP mentioned VIP, so this could be for auth DNS, in which case
responding to a query within 3ms is trivial...

W


> ;; ADDITIONAL SECTION:
> exmail.litc.ly. 14400   IN  A   197.215.159.227
> dns2.lttnet.net. 21600   IN  A   62.240.36.40
> dns3.lttnet.net. 21600   IN  A   62.240.36.40
>
> ;; Query time: 367 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Sun Jul  9 12:50:58 2017
> ;; MSG SIZE  rcvd: 144
>
>
>
> Additionally, given the operational environment in which you exist I would
> recommend that you strive for just providing good DNS services in general.
>
>
>
> Good luck.
>
>
>
> John
>
>
>
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf
> Of Abdulhadi Ettwejiri
> Sent: Sunday, July 09, 2017 2:32 AM
> To: bind-users@lists.isc.org
> Subject: designing the DNS from the scratch
>
> HI,
>
> we are ISP company , we are providing Internet to our customer, Recently
> one of our VIP customer ask for DNS service, and need the response time
> 3msec, we don't have enough knowledge of DNS,
>
> 1-To achieve the goal of my customer about the response time I need
> to know what's the optimal design solution for DNS ( Authoritative or
> Recursive), or there is other design.
>
> 2-  If the answer in the previous question an "authoritative", is
> there any registration & technical requirements for so (i.e. ccTLD, ...   )
>
> Best regards
>
> Abdulhadi Ettwejiri
> Technical Support Department
> Zawia Street inside GPTC building  | Tripoli | Libya |
> + 218 91 9994265   abdulhadi.ettwej...@litc.ly
> + 218 21 3600234   http://www.litc.ly
> + 218 21 361

-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf

Re: designing the DNS from the scratch

2017-07-09 Thread SM

Hi Abdulhadi,
At 00:31 09-07-2017, Abdulhadi Ettwejiri wrote:
> we are ISP company , we are providing Internet to our customer,
> Recently one of our VIP customer ask for DNS service, and need the
> response time 3msec, we don't have enough knowledge of DNS,


I suggest discussing with your customer about the requirement as it 
is not clear what they are looking for.


Regards,
-sm 




RE: designing the DNS from the scratch

2017-07-09 Thread John W. Blue
Abdulhadi,

Honestly, I think that a design spec of getting DNS responses in 3ms across the 
board is unrealistic.  My initial MX query for litc.ly took 367ms:

;; ADDITIONAL SECTION:
exmail.litc.ly. 14400   IN  A   197.215.159.227
dns2.lttnet.net. 21600   IN  A   62.240.36.40
dns3.lttnet.net. 21600   IN  A   62.240.36.40

;; Query time: 367 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jul  9 12:50:58 2017
;; MSG SIZE  rcvd: 144

Additionally, given the operational environment in which you exist I would 
recommend that you strive for just providing good DNS services in general.

Good luck.

John

From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of 
Abdulhadi Ettwejiri
Sent: Sunday, July 09, 2017 2:32 AM
To: bind-users@lists.isc.org
Subject: designing the DNS from the scratch

HI,

we are ISP company , we are providing Internet to our customer, Recently one of 
our VIP customer ask for DNS service, and need the response time 3msec, we 
don't have enough knowledge of DNS,

1-To achieve the goal of my customer about the response time I need to know
what's the optimal design solution for DNS ( Authoritative or Recursive), or
there is other design.

2-  If the answer in the previous question an "authoritative", is there any 
registration & technical requirements for so (i.e. ccTLD, ...   )


Best regards

Abdulhadi Ettwejiri
Technical Support Department
Zawia Street inside GPTC building  | Tripoli | Libya |
+ 218 91 9994265   abdulhadi.ettwej...@litc.ly
+ 218 21 3600234   http://www.litc.ly
+ 218 21 361


Re: designing the DNS from the scratch

2017-07-09 Thread G.W. Haywood

Hi there,

On Sun, 9 Jul 2017, Abdulhadi Ettwejiri wrote:

Re: designing the DNS from the scratch


> we are ISP company , we are providing Internet to our customer,
> Recently one of our VIP customer ask for DNS service, and need the
> response time 3msec, we don't have enough knowledge of DNS ...


But you do know the approximate speed of light in a vacuum?

--

73,
Ged.


Re: designing the DNS from the scratch

2017-07-09 Thread Reindl Harald



On 09.07.2017 at 09:31, Abdulhadi Ettwejiri wrote:
> we are ISP company , we are providing Internet to our customer, Recently
> one of our VIP customer ask for DNS service, and need the response time
> 3msec, we don't have enough knowledge of DNS,
>
> 1-To achieve the goal of my customer about the response time I
> need to know what's the optimal design solution for DNS (
> Authoritative or Recursive), or there is other design.

that question is wrong from the begin and it depends *what* type of dns
service

if you provide just resolvers for your customer using on his computers
as resolver it's a recursive (and no recursive server these days should
answer to the whole internet because of amplification attacks)

if you want to host the nameserver for your customers domains it's
authoritative

> 2-If the answer in the previous question an "authoritative", is there
> any registration & technical requirements for so (i.e. ccTLD, ...   )

a domain points to nameservers, on the machine hosting the nameservers
you have open port 53 UDP *and* TCP and the zone needs to be setup


here you go:
https://www.iana.org/help/nameserver-requirements
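
The recursive/authoritative split and the amplification point from the reply above, written out as BIND configuration. This is an added example, not part of the original post and not ISC's own configuration; the ACL name, the address prefixes (documentation ranges), the zone name and the rate-limit value are placeholders chosen for illustration.

```conf
# ---- File 1: named.conf on the RECURSIVE resolver (customer-facing) ----
# Constructed customer prefixes; replace with the customer's real networks.
acl "customer-nets" {
    192.0.2.0/24;
    2001:db8:100::/48;
};

options {
    recursion yes;

    # Weak setting, shown only for contrast: this makes an open resolver
    # that anyone on the internet can use as an amplifier.
    #   allow-recursion { any; };

    # Restricted form: only the customer's networks may query, recurse,
    # or read answers out of the cache.
    allow-query       { "customer-nets"; localhost; };
    allow-recursion   { "customer-nets"; localhost; };
    allow-query-cache { "customer-nets"; localhost; };
};

# ---- File 2: named.conf on a separate AUTHORITATIVE server ----
# The firewall in front of this host must pass port 53 on UDP and TCP.
options {
    recursion no;                  # answer only for zones loaded here
    allow-query    { any; };       # the whole internet must be able to ask
    allow-transfer { none; };      # open per zone for real secondaries only

    # Response rate limiting; the value 10 is an assumed starting point.
    rate-limit { responses-per-second 10; };
};

zone "example.com" {               # placeholder for the customer's domain
    type master;
    file "example.com.zone";
};
```

Running `named-checkconf` against each file catches syntax errors before the server is reloaded.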


designing the DNS from the scratch

2017-07-09 Thread Abdulhadi Ettwejiri
HI,

we are ISP company , we are providing Internet to our customer, Recently one of 
our VIP customer ask for DNS service, and need the response time 3msec, we 
don't have enough knowledge of DNS,

1-To achieve the goal of my customer about the response time I need to know
what's the optimal design solution for DNS ( Authoritative or Recursive), or
there is other design.

2-  If the answer in the previous question an "authoritative", is there any 
registration & technical requirements for so (i.e. ccTLD, ...   )


Best regards

Abdulhadi Ettwejiri
Technical Support Department
Zawia Street inside GPTC building  | Tripoli | Libya |
+ 218 91 9994265   abdulhadi.ettwej...@litc.ly
+ 218 21 3600234   http://www.litc.ly
+ 218 21 361
