AW: Why did my DNS bill go up?

Klaus Darilion klaus.darilion at nic.at
Fri Apr 15 06:45:00 UTC 2022 

Hi Andrew!

DNSSEC is more costly: more Ressource Records to hold on disk, to hold in memory and more queries and more IP traffic. If the DNSSEC signing is also done by the DNS provider there would be additional ressources for the signing service and risks when doing something wrong.

For a single domain, these additional ressources for DNSSEC would be neglectable, if you have 1 mio Zones signed or unsigned it makes a hughe difference to the DNS provider. So, yes, DNSSEC costs additional ressources, and depending on the business model of the DNS provider he will charge you for that (although everybody expects security to be for free)

regards
Klaus

> -----Ursprüngliche Nachricht-----
> Von: bind-users <bind-users-bounces at lists.isc.org> Im Auftrag von Andrew
> P.
> Gesendet: Donnerstag, 14. April 2022 14:23
> An: bind-users at lists.isc.org
> Betreff: Why did my DNS bill go up?
> 
> Greetings, all.
> 
> I had a surprise on the bill from my secondary DNS provider after I turned on
> DNSSEC. The number of record queries on my domains increased by a factor
> of about 5, compared to the number of record queries when I didn't have
> DNSSEC. Is this normal for DNSSEC? It's been a consistent significantly higher
> query level since deploying DNSSEC 3 months ago on 2 small domains (total
> of 120 records across the two domains), and it was 57 new RRSIG, DNSKEY,
> and NSEC3PARAM records added the domains for the DNSSEC.
> 
> The average number of attacks per day on my webserver (according to the
> server logs) does not appear to have increased since the DNSSEC
> deployment.
> 
> This is for the ka2ddo.org and ka2ddo.radio domains.
> 
> So, is DNSSEC really that much more costly in terms of queries?
> 
> Andrew Pavlin
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this
> list
> 
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list