[redirected to DNSOP]
Michael,
On Aug 25, 2009, at 1:50 PM, Michael Graff wrote:
> All I'm saying is that I don't want someone to benchmark current DNS
> implementations (which are likely optimized only for UDP) and then use
> this as proof that the sky is falling.
What would you prefer us benchmark?
As you're aware, sometime in the near future, the root is going to be
signed. Due to the way DNS server implementers interpreted RFC 3225,
somewhere around 70% of the queries to the root will result in a
DNSSEC response the day the root is signed (regardless of whether the
querying resolver will do anything with the data). Based on studies
done with DITL data, we have some reason to believe somewhere around
1-2% of the 10,000 queries per second at least one root server
receives will fall back to TCP. While I am certain that the root
server ICANN runs can easily handle the load, I do not know about the
other root servers (I assume they can, but since they are all run
independently and there are no publicly agreed upon standards or
service level commitments, it is difficult to be confident) nor do I
have the slightest clue about how much head room the other root
servers have.
Since time is quite short for folks to upgrade their servers and given
some root server operators are financially / operationally /
politically constrained in how they would go about doing the upgrade,
it seems to me that current DNS implementations are exactly what we
should be benchmarking.
Regards,
-drc