What qualifies a namespace?

Edward Lewis Ed.Lewis at neustar.biz
Tue Oct 24 17:50:12 UTC 2006


At 5:24 -0700 10/24/06, April wrote:

>Agree with you [Kevin] on the two ... in addition, would it be beneficial
>for a large and complex environment, to configure forwarders on the local
>servers, to skip tree walking but directly go to the peer branches
>directly? Of course in the case assumed not using slaves or stub zones.
>
>Not sure about the "localized hints", do you mean using hints file but
>listing in the file the servers you want the server to be referred to,
>not the roots?

Whether you measure size and complexity in terms of servers, users, 
queries, hops, domains, zones, etc., a general rule is the more stuff 
you keep out of the named.conf the better you are.  You want to rely 
more on the data space (what is in zone files) and replication 
mechanisms (whether AXFR or something else).

Once you hit "large and complex" you do not want to rely on 
forwarding.  The alternative to having to trace all of the tree to 
find data is caching answers.

For example, if you want to access 1.2.3.4.in-addr.arpa. from a 
freshly started cache/iterating resolver you will travel to the 
root, then to arpa., then to in-addr.arpa., then to 4.in-addr.arpa., 
and eventually to the answer. (This assumes that in-addr.arpa isn't 
on the root server.)  That sounds like a lot of queries and latency. 
But - it's the worst case, not the normal case.

The next query you may seek is for 3.2.1.4.in-addr.arpa.  You can 
skip the root, arpa, in-addr.arpa, and go directly to 4.in-addr.arpa 
because you would still have that NS set and address in your cache. 
You'll get the answer quickly.

Had you placed a forward for 4.in-addr.arpa. in your resolver, you 
would save the first scenario.  But if the TTL on that is 2 days, you 
are saving just one trip every two days, not a lot, not every trip. 
OTOH, once the servers for 4.in-addr.arpa. are moved, you would have 
to locate all of your forward statements for that zone and edit them. 
This latter point is a real pain, one you will feel in the long run and 
not if you just consider the short run.

If you see "large and complex" coming - minimize the named.conf to 
what you must have.  (You must have rndc, must have logging, must 
have options like "recursion for just my folks", etc. - I don't mean 
to say to cut essentials out.  But try to avoid fancy stuff.)

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Secrets of Success #107: Why arrive at 7am for the good parking space?
Come in at 11am while the early birds drive out to lunch.
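
The cache behaviour described in the message above, modelled in Python as an added example that is not part of the original post. The zone cuts and the two-day TTL come from the message; the names `IterativeResolver`, `enclosing` and `ZONE_CUTS` are hypothetical, and treating 4.in-addr.arpa. as the zone that holds the answer is an assumption.

```python
# Constructed model: zone cuts follow the walk described in the message.
ZONE_CUTS = [".", "arpa.", "in-addr.arpa.", "4.in-addr.arpa."]
NS_TTL = 2 * 24 * 3600  # the two-day TTL used in the message, in seconds


def enclosing(zone, name):
    """True if `zone` is `name` itself or an ancestor of it."""
    return zone == "." or name == zone or name.endswith("." + zone)


class IterativeResolver:
    def __init__(self):
        # The root is always known (hints), so it never expires here.
        self.ns_cache = {".": float("inf")}  # zone -> expiry time

    def closest_cached(self, name, now):
        """Deepest zone enclosing `name` whose NS set is still cached."""
        live = [z for z, exp in self.ns_cache.items()
                if exp > now and enclosing(z, name)]
        return max(live, key=len)

    def resolve(self, name, now):
        """Return the zones whose servers were queried, in order."""
        asked = []
        zone = self.closest_cached(name, now)
        while True:
            asked.append(zone)
            # The server for `zone` refers us to the next deeper cut, if any.
            deeper = [z for z in ZONE_CUTS
                      if len(z) > len(zone)
                      and enclosing(z, name) and enclosing(zone, z)]
            if not deeper:
                return asked  # authoritative server reached: answer obtained
            zone = min(deeper, key=len)
            self.ns_cache[zone] = now + NS_TTL  # cache the referral's NS set


if __name__ == "__main__":
    r = IterativeResolver()
    print(r.resolve("1.2.3.4.in-addr.arpa.", now=0))           # cold cache
    print(r.resolve("3.2.1.4.in-addr.arpa.", now=60))          # warm cache
    print(r.resolve("3.2.1.4.in-addr.arpa.", now=NS_TTL + 1))  # NS sets expired
```

A forward for 4.in-addr.arpa. would remove only the extra hops in the first and third calls, which occur once per TTL period in this model.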
