> The specific thing I've been concerned about was not the probability of
> a dns loss, although as you note the consequences are huge -
> but the frequency and cost of a cache miss and the resulting fill.
>
> This is a very simple namebench test against the alexa top 1000:
>
> http://snapon.lab.bufferbloat.net/~d/namebench/namebench_2014-03-20_1255.html
>
> This is a more comprehensive one taken against my own recent web history file.
>
> http://snapon.lab.bufferbloat.net/~d/namebench/namebench_2014-03-24_1541.html
>
> Both of these were taken against the default SQM system in cerowrt
> against a cable modem, so you can pretty safely assume the ~20ms (middle)
> knee in the curve is basically based on physical RTT to the nearest
> upstream DNS server.
>
> And it's a benchmark so I don't generally believe in the relative hit
> ratios vis-a-vis "normal traffic", but do think the baseline RTT, and
> the knees in the curves in the cost of a miss and file are relevant.

To be utterly clear here, the ~20ms knee in this data is a variable dependent on the RTT to the nearest upstream DNS server.

Most - nearly all - ISPs have a hefty dns server in their co-location facility, but the baseline physical RTT is dependent on the actual technology in use.

The actual RTT of a query is dependent on the outstanding queue length in a single queue AQM, unless otherwise prioritized. If prioritized (cerowrt's 3 band system does this for queries coming from the router) I imagine the packet loss rate drops hugely, also.

To give an extreme example of the DNS rtt problem, dns lookups over satellite links take 800+ms, and this is one reason why web proxy servers are so common in such environments, as the whole query is shipped to a local-to-the-internet proxy server so as to avoid this rtt cost. This technique is of increasingly limited value in an age of e2e encryption.

Also: recently we've seen increasing use of non-local or otherwise redirected dns servers such as here

http://www.cnet.com/news/google-confirms-turkey-is-blocking-its-dns-service/

It would be a good research project for someone to categorize typical nearest-upstream DNS RTTs, the availability of local-to-site dns servers, hit/miss ratios in homes and small business, the cost of dnssec, etc.

--
Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article

_______________________________________________
aqm mailing list
aqm@ietf.org
https://www.ietf.org/mailman/listinfo/aqm