Re: [DNSOP] Masataka Ohta's 2004 draft...
Francis Dupont wrote:

>> >> Does "several thousands of queries per second during normal
>> >> operations" with TCP matter?
>> >
>> > => yes because it is at the limit current OSs can do on cheap stock
>> > hardware...
>>
>> Are you saying real root servers are using cheap stock hardware?
>
> => current real root servers no but if

Read the draft, before repeatedly demonstrating your stupidity in public.

It is about the current configuration.

Moreover,

> we'd like to run 100 or 100
> times more we have first to lower requirements on the hardware.

then, even though you haven't read the draft, it is obvious that 100
times more root servers means 100 times less load.

> And the argument applies to non-root servers too.

The argument in the draft is on the root servers.

>> Aren't you arguing that the server should close connections
>> only after a timeout because the server can not accept so
>> many new connections?
>
> => no, I am arguing the requirement on TCP DNS to close at the server
> side only after a timeout

It is because someone (Paul Vixie, perhaps) thought that several
thousand new connections per second was harmful.

Thus, today, the timeout can be 5, 1 or 0 seconds, if a longer timeout
is a problem (it is not, see below).

> makes most kernel improvements for HTTP servers
> useless for TCP DNS.

Don't you know that, with HTTP/1.1, a TCP connection is kept open even
after a single query?

I wonder how you can say "I wrote OS".

Masataka Ohta

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Masataka Ohta's 2004 draft...
In your previous mail you wrote:

> >> Does "several thousands of queries per second during normal
> >> operations" with TCP matter?
> >
> > => yes because it is at the limit current OSs can do on cheap stock
> > hardware...
>
> Are you saying real root servers are using cheap stock hardware?

=> current real root servers no but if we'd like to run 100 or 100
times more we have first to lower requirements on the hardware.
And the argument applies to non-root servers too.

> > PS: I wrote OS because the first reached perf limit is in the kernel,
> > not in the DNS server. And if you argue Web servers support far more,
> > the TCP DNS issue is the server should close connections only after
> > a timeout...
>
> Aren't you arguing that the server should close connections
> only after a timeout because the server can not accept so
> many new connections?

=> no, I am arguing the requirement on TCP DNS to close at the server
side only after a timeout makes most kernel improvements for HTTP servers
useless for TCP DNS.

Regards

francis.dup...@fdupont.fr
Re: [DNSOP] Masataka Ohta's 2004 draft...
Francis Dupont wrote:
> In your previous mail you wrote:
>
>> Does "several thousands of queries per second during normal
>> operations" with TCP matter?
>
> => yes because it is at the limit current OSs can do on cheap stock
> hardware...

Are you saying real root servers are using cheap stock hardware?

> PS: I wrote OS because the first reached perf limit is in the kernel,
> not in the DNS server. And if you argue Web servers support far more,
> the TCP DNS issue is the server should close connections only after
> a timeout...

Aren't you arguing that the server should close connections
only after a timeout because the server can not accept so
many new connections?

Masataka Ohta
Re: [DNSOP] Masataka Ohta's 2004 draft...
Paul Vixie wrote:

Hi,

> this author isn't in toronto so i'll answer here-- i had not and have
> not compared -lee-dnsop-scalingroot- to -ohta-shared-root-.

The security considerations section of my draft explains why allowing all
the ISPs to run their own anycast root servers does not make plain DNS
less secure.

That is, there is no reason to use DNSSEC for anycast root.

Masataka Ohta
Re: [DNSOP] Masataka Ohta's 2004 draft...
David Conrad wrote:
> Masataka,
>
> On Jul 23, 2014, at 7:57 AM, Masataka Ohta wrote:
>> http://tools.ietf.org/html/draft-ietf-dnsop-ohta-shared-root-server-03
>> In what context, did you mention it?
>
> I asked if the authors had compared their draft
> (http://tools.ietf.org/html/draft-lee-dnsop-scalingroot-00) to yours.

this author isn't in toronto so i'll answer here-- i had not and have
not compared -lee-dnsop-scalingroot- to -ohta-shared-root-.

vixie
Re: [DNSOP] Masataka Ohta's 2004 draft...
In your previous mail you wrote:

> Does "several thousands of queries per second during normal
> operations" with TCP matter?

=> yes because it is at the limit current OSs can do on cheap stock
hardware...

Regards

francis.dup...@fdupont.fr

PS: I wrote OS because the first reached perf limit is in the kernel,
not in the DNS server. And if you argue Web servers support far more,
the TCP DNS issue is the server should close connections only after
a timeout...
Re: [DNSOP] Masataka Ohta's 2004 draft...
Hector Santos wrote:

> What has been crossing my mind regarding this NULL MX setup, was the
> possible privacy issue with NULL MX root domain "Traceability" aspect
> with legacy MTAs performing SMTP "Implicit MX" (No MX record, Fallback
> to A record) logic. What will the A query IP resolved to when the
> exchange points to the root?

If millions of anycast root servers without a centralized administrator
are distributed world wide, it makes it difficult for the NSA to monitor
queries to all the root servers, because of the massive number of them.

And, it's not just for NULL MX. Many queries go to the root servers.

Masataka Ohta

PS

OTOH, queries to 8.8.8.8 administered by Google are easy victims of the NSA.
Re: [DNSOP] Masataka Ohta's 2004 draft...
David Conrad wrote:

> I asked if the authors had compared their draft
> (http://tools.ietf.org/html/draft-lee-dnsop-scalingroot-00) to yours.

Hm, the draft inappropriately assumes having a lot of anycast addresses
is better even though several ones are enough.

But, the following statement in the draft:

> However, the costs of using TCP rather than
> UDP, in terms of system and network resources, are much higher and
> can have significant impact on systems such as name servers that may
> receive several thousands of queries per second during normal
> operations.

is more disturbing to me.

Does "several thousands of queries per second during normal
operations" with TCP matter?

Masataka Ohta
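The exchange above (and the later reply in this thread that points to HTTP/1.1 keeping a TCP connection open across requests) turns on what a DNS server actually has to do per TCP connection. The block below is an added example, not code from the thread or from either draft: it builds minimal DNS queries, applies the 16-bit length prefix that DNS over TCP uses (RFC 1035, section 4.2.2), and shows the reassembly loop a server needs when several queries share one persistent connection and the byte stream arrives split or coalesced arbitrarily. Query names and IDs are constructed for the demo.

```python
"""Length-prefixed DNS over TCP with several queries on one persistent
connection.  Added example; names and message IDs below are constructed."""
import struct
from typing import List, Tuple


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError("label too long")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qid: int, name: str, qtype: int = 1) -> bytes:
    """Minimal DNS query: 12-byte header (RD set, QDCOUNT=1) plus one IN question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def frame(msg: bytes) -> bytes:
    """Prefix a DNS message with its 16-bit big-endian length, as TCP transport requires."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too long for TCP framing")
    return struct.pack("!H", len(msg)) + msg


class FrameReader:
    """Reassembles complete DNS messages from a TCP byte stream that may deliver
    them split or coalesced; this is the core of a keep-alive DNS server loop."""

    def __init__(self) -> None:
        self.buf = b""

    def feed(self, chunk: bytes) -> List[bytes]:
        """Append a received chunk and return every complete message now available."""
        self.buf += chunk
        msgs = []
        while len(self.buf) >= 2:
            (length,) = struct.unpack("!H", self.buf[:2])
            if len(self.buf) < 2 + length:
                break  # wait for the rest of this message
            msgs.append(self.buf[2:2 + length])
            self.buf = self.buf[2 + length:]
        return msgs


def parse_question(msg: bytes) -> Tuple[int, str, int]:
    """Return (id, qname, qtype) from a query message carrying exactly one question."""
    qid, _flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        ln = msg[pos]
        pos += 1
        if ln == 0:
            break
        if ln & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(msg[pos:pos + ln].decode("ascii"))
        pos += ln
    qtype = struct.unpack("!H", msg[pos:pos + 2])[0]
    return qid, ".".join(labels) + ".", qtype


def simulate_persistent_connection(names, chunk_size: int = 7):
    """Send one query per name over a single simulated connection, delivering the
    stream in small chunks, and return the (id, qname, qtype) tuples recovered."""
    stream = b"".join(frame(build_query(i + 1, n)) for i, n in enumerate(names))
    reader = FrameReader()
    seen = []
    for off in range(0, len(stream), chunk_size):
        for msg in reader.feed(stream[off:off + chunk_size]):
            seen.append(parse_question(msg))
    return seen


if __name__ == "__main__":
    for entry in simulate_persistent_connection(["example.", "www.example.", "ietf.org."]):
        print(entry)
```

The reader keeps whatever trailing bytes belong to an incomplete message, so the server can answer each query as soon as it is whole and leave the connection open for the next one; whether and when to close an idle connection is the policy the thread is arguing about, and it sits outside this framing layer.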
Re: [DNSOP] Masataka Ohta's 2004 draft...
Hector,

On Jul 23, 2014, at 8:37 AM, Hector Santos wrote:
> Maybe a coincidence. The NULL MX specification defines a NULL MX record
> setup:

I think this is unrelated. The context was in discussions relating to
alternative mechanisms for obtaining root name service.

Regards,
-drc
Re: [DNSOP] Masataka Ohta's 2004 draft...
Masataka,

On Jul 23, 2014, at 7:57 AM, Masataka Ohta wrote:
> David Conrad wrote:
>> Since I mentioned it and some folks said "where is it?":
>>
>> http://tools.ietf.org/html/draft-ietf-dnsop-ohta-shared-root-server-03
>
> In what context, did you mention it?

I asked if the authors had compared their draft
(http://tools.ietf.org/html/draft-lee-dnsop-scalingroot-00) to yours.

Regards,
-drc
Re: [DNSOP] Masataka Ohta's 2004 draft...
On 7/23/2014 7:57 AM, Masataka Ohta wrote:
> David Conrad wrote:
>> Since I mentioned it and some folks said "where is it?":
>>
>> http://tools.ietf.org/html/draft-ietf-dnsop-ohta-shared-root-server-03
>
> In what context, did you mention it?
>
> Masataka Ohta

I'm interested to know. Maybe a coincidence. The NULL MX specification
defines a NULL MX record setup:

  Exchange  : "." (root)
  Preference: 0

What has been crossing my mind regarding this NULL MX setup, was the
possible privacy issue with NULL MX root domain "Traceability" aspect
with legacy MTAs performing SMTP "Implicit MX" (No MX record, Fallback
to A record) logic. What will the A query IP resolved to when the
exchange points to the root?

(Pete, Dave, this is my only question/concern, if real, about the NULL MX
proposal)

--
HLS
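The message above contrasts an MTA that understands the NULL MX convention (MX preference 0, exchange ".") with a legacy MTA that simply resolves whatever exchange it is handed. The block below is an added example, not code from the thread or from the NULL MX specification: a stub resolver over a constructed record table, and a mail-target selection routine run once NULL-MX-aware and once in legacy mode, with a query log so the difference in what gets asked of DNS is visible. The domain names and addresses are made up, and the table models the root apex "." as having no A record; that is an assumption of the demo, not something the message states.

```python
"""Mail-target selection with and without NULL MX awareness.

Added example over a constructed record table; no real DNS queries are sent.
"""
from typing import Dict, List, Tuple

# Constructed zone data: domain -> {rrtype: records}.  MX records are
# (preference, exchange) pairs.  The root apex "." is modelled as having no
# A record (an assumption of this demo).
RECORDS: Dict[str, Dict[str, list]] = {
    "mail.example": {"MX": [(10, "mx1.mail.example."), (20, "mx2.mail.example.")]},
    "mx1.mail.example": {"A": ["192.0.2.10"]},
    "mx2.mail.example": {"A": ["192.0.2.11"]},
    "legacy.example": {"A": ["192.0.2.20"]},   # no MX at all: implicit MX case
    "nomail.example": {"MX": [(0, ".")]},      # NULL MX: accepts no mail
    ".": {},                                   # root apex, nothing usable here
}

# Every (name, rrtype) the stub resolver is asked for; this is the
# "traceability" the message worries about, made explicit.
QUERY_LOG: List[Tuple[str, str]] = []


def _norm(name: str) -> str:
    """Lower-case and drop a trailing dot, except for the root name itself."""
    n = name.lower()
    if n != "." and n.endswith("."):
        n = n[:-1]
    return n


def lookup(name: str, rrtype: str) -> list:
    """Stub resolver: record the query, then answer from the constructed table."""
    QUERY_LOG.append((_norm(name), rrtype))
    return list(RECORDS.get(_norm(name), {}).get(rrtype, []))


def is_null_mx(mx_records: list) -> bool:
    """NULL MX as the message describes it: a single MX, preference 0, exchange '.'."""
    return (len(mx_records) == 1
            and mx_records[0][0] == 0
            and _norm(mx_records[0][1]) == ".")


def select_targets(domain: str, null_mx_aware: bool = True) -> Tuple[str, List[str]]:
    """Decide where mail for `domain` would go.

    Returns ("null-mx", []) when the domain declares it accepts no mail,
    ("mx", [exchanges in preference order]) when usable MX records exist,
    ("implicit", [domain]) when falling back to the A record, or
    ("unreachable", []) when nothing resolves.  With null_mx_aware=False the
    legacy path is taken and "." is handed on as an ordinary exchange."""
    mx = lookup(domain, "MX")
    if mx:
        if null_mx_aware and is_null_mx(mx):
            return ("null-mx", [])
        return ("mx", [exchange for _, exchange in sorted(mx)])
    if lookup(domain, "A"):
        return ("implicit", [domain])
    return ("unreachable", [])


def resolve_targets(domain: str, null_mx_aware: bool = True) -> Tuple[str, List[str]]:
    """Turn the selected exchanges into addresses, as the connection phase would."""
    kind, names = select_targets(domain, null_mx_aware)
    addrs = [a for n in names for a in lookup(n, "A")]
    return kind, addrs


if __name__ == "__main__":
    for dom in ("mail.example", "legacy.example", "nomail.example"):
        print(dom, "aware:", resolve_targets(dom))
    QUERY_LOG.clear()
    print("nomail.example legacy:", resolve_targets("nomail.example", null_mx_aware=False))
    print("queries issued by the legacy path:", QUERY_LOG)
```

Running the legacy path for `nomail.example` shows it issuing an A query for "." before giving up, whereas the aware path stops at the MX answer and never asks the root for an address; the log is what an operator would look at to see which queries a given MTA actually generates.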
Re: [DNSOP] Masataka Ohta's 2004 draft...
David Conrad wrote:
> Since I mentioned it and some folks said "where is it?":
>
> http://tools.ietf.org/html/draft-ietf-dnsop-ohta-shared-root-server-03

In what context, did you mention it?

Masataka Ohta
[DNSOP] Masataka Ohta's 2004 draft...
Since I mentioned it and some folks said "where is it?":

http://tools.ietf.org/html/draft-ietf-dnsop-ohta-shared-root-server-03

Regards,
-drc