Potential Problems - ISP building 'root mirrors'
dwmalone at maths.tcd.ie
dwmalone at maths.tcd.ie
Tue Jun 28 11:14:59 UTC 2005
Mark Andrews <Mark_Andrews at isc.org> writes:
> Mirroring the root can do more than provide some DoS protection.
> It will also changes the load pattern on the real roots. Rather
> than receiving loads of garbage queries (basically the ones the
> roots return NXDOMAIN too) they will go to handling refresh (SOA)
> queries and zone transfers.
I did some measurements of this after it came up on one of the FreeBSD
mailing lists. The paper was at the IMC last year:
http://www.imconf.net/imc-2004/papers/p15-malone.pdf
It seemed that it reduced the number of queires to the root server,
but the byte volume of traffic was similar. It certainly reduced
the number of bogus queires that were issued to the root server
significantly.
> The real question is whether the shift in usage pattern better or
> worse for the roots. As far as I am aware this has not yet been
> measured.
I speculated on this a little in the paper. Some of the remaining
queries seemed to be BIND system queires that I didn't understand,
you'd probably be the person who could explain them. As far as I
could determine, it could be quite promising for the root operators
if the SOA parameters were adjusted and the resources consumed by
having TCP connections open wasn't too serious.
Any feedback or comments on the paper are welcome.
David.
More information about the bind-users
mailing list