On Tue, 29 Mar 2005, Jaap Akkerhuis wrote:
> <...> Forward means that people need to be able to use DNS over TCP
>
> The way forward to what?
``Forward to a point in time where typical DNS utilises TCP more than it
does now, as is likely with DNSSEC (due to the increased packet size).''
However, Dean... ``Put up, or shut up'' [1].
Phrased more eloquently, I think both sides would find it beneficial if
you would put all of the PPLB-specific issues into an Internet Draft, and
submitted it via the normal processes. That gives both sides something to
reference rather than just ``check the archives'', and it will be far, far
better than this issue continually coming up on this list with no clear
conclusion being accepted by either side.
Here's a few starting points for your draft Dean, being my possibly
biased[2] summary of the periodic PPLB rehash:
In '6 months', DNSSEC will be introduced. Likely, this will
increase the number of TCP DNS queries from SMALL% to
SLIGHTLY-LESS-SMALL% . UDP queries will, quite likely, remain
at HIGH% of total queries.
As Per-Packet Load Balancing is known to break TCP streams under
certain conditions, this draft outlines the conditions and
recommendations for end-sites and zone administrators where
BGP-anycasted nameservers are in use.
Outline of PPLB and TCP problems... blah blah blah.
Outline of PPLB and specific DNS TCP problems... blah blah blah.
Recommendations for End-Sites:
PPLB over multiple links to the same upstream AS is not
seen to be a problem, except when used with time-critical
applications (such as VoIP), which have issues with packets
arriving out of order.
PPLB over multiple links to differing upstream ASes can be
a problem if the remote end of the TCP connection has been
BGP-anycasted. Where possible, end-sites should not use
PPLB for protocols which are likely to be BGP-anycasted,
such as DNS.
Recommendations for zone administrators:
If your listed, authoritative servers are utilising
BGP-anycast, try to have at least one listed server for
the zone which is unicast. This will continue to provide
service to PPLB-using end-sites which have not turned off
PPLB for specific protocols such as DNS.
Remember that excessively long records will, quite likely,
cause clients to flip from UDP to TCP. Try to avoid this
on very popular zones by taking advantage of name
compression or other tricks.
--==--
Bruce.
[1] Bound to get me in Dean's list of people to complain about. ;)
[2] Yes, I have been involved with a root server being anycasted.
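The last recommendation in the message above turns on the size threshold at which a resolver gives up on UDP and retries over TCP. As an added illustration (not part of Bruce's message, and not code from any dnsop draft), the Python script below encodes an NS answer in RFC 1035 wire format both with and without label compression and reports whether it fits in the classic 512-byte UDP payload or would have to go out truncated with TC=1. The zone name and the nameserver names are constructed for the example; no EDNS0 buffer-size advertisement is assumed, so 512 bytes is the limit.

```python
"""Show how DNS label compression keeps a large NS answer under the 512-byte
UDP limit (RFC 1035) and so avoids forcing the client onto TCP.

Added example for illustration; zone and server names are made up.
"""
import struct

UDP_MAX = 512  # RFC 1035 UDP payload limit without EDNS0

# Constructed zone: one zone with 13 anycast nameservers under a long label.
QNAME = "example.test"
NS_NAMES = ["ns%d.anycast-nameservers.example.test" % i for i in range(1, 14)]


def encode_name(name, offset, table, compress):
    """Encode a domain name starting at wire offset `offset`.

    `table` maps each dotted suffix to the offset where it was first written.
    With compress=True, a suffix already in the table is replaced by a 2-byte
    pointer (0xC000 | offset) as RFC 1035 section 4.1.4 permits.
    """
    labels = name.rstrip(".").split(".") if name.rstrip(".") else []
    out = bytearray()
    while labels:
        suffix = ".".join(labels)
        if compress and suffix in table:
            out += struct.pack("!H", 0xC000 | table[suffix])
            return bytes(out)
        if suffix not in table and offset + len(out) < 0x3FFF:
            table[suffix] = offset + len(out)  # later names may point here
        label = labels.pop(0).encode("ascii")
        out += bytes([len(label)]) + label
    out += b"\x00"  # root label terminates an uncompressed name
    return bytes(out)


def build_response(qname, ns_names, compress):
    """Build an authoritative NS response (QR=1, AA=1) for qname."""
    table = {}
    msg = bytearray(struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(ns_names), 0, 0))
    msg += encode_name(qname, len(msg), table, compress)
    msg += struct.pack("!HH", 2, 1)  # QTYPE=NS, QCLASS=IN
    for ns in ns_names:
        msg += encode_name(qname, len(msg), table, compress)  # owner name
        rdata = encode_name(ns, len(msg) + 10, table, compress)  # after 10 fixed bytes
        msg += struct.pack("!HHIH", 2, 1, 172800, len(rdata)) + rdata
    return bytes(msg)


def _skip_name(msg, off):
    """Return the offset just past the name at `off` (label or pointer form)."""
    while True:
        length = msg[off]
        if length & 0xC0:
            return off + 2
        off += 1 + length
        if length == 0:
            return off


def udp_reply(msg):
    """What a server may send over UDP: the full message if it fits, else
    header + question only with TC=1, which makes the client retry over TCP."""
    if len(msg) <= UDP_MAX:
        return msg, False
    qend = _skip_name(msg, 12) + 4
    flags = struct.unpack("!H", msg[2:4])[0] | 0x0200  # set TC
    hdr = msg[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0)
    return hdr + msg[12:qend], True


def size_report(qname, ns_names):
    """Compare the same answer with and without compression."""
    report = {}
    for label, compress in (("uncompressed", False), ("compressed", True)):
        msg = build_response(qname, ns_names, compress)
        reply, truncated = udp_reply(msg)
        report[label] = {"size": len(msg), "udp_truncated": truncated,
                         "udp_reply_size": len(reply)}
    return report


if __name__ == "__main__":
    for label, r in size_report(QNAME, NS_NAMES).items():
        print("%-12s %4d bytes  TC=%s  UDP reply %d bytes"
              % (label, r["size"], r["udp_truncated"], r["udp_reply_size"]))
```

Run as-is, the uncompressed answer is 840 bytes and would be sent back as a 30-byte truncated reply, while the compressed form of the very same records is 288 bytes and fits in one UDP datagram; the saving comes almost entirely from the shared suffix of the server names, which is the "name compression" trick the message refers to.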
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html