Setting up a Root name server

chris chris at megabytecoffee.com
Fri Sep 3 21:43:23 UTC 1999



Jim Reid wrote:

> >>>>> "chris" == chris  <chris at megabytecoffee.com> writes:
>
>     chris> So you are telling me that by having a root nameserver that
>     chris> can answer queries faster I would not speed up my network?
>
> That's right.
>
>     chris> I think your flame is flawed.
>
> You might well think that, but that doesn't mean what you were told
> wasn't true.
>
>     chris> If my resolving DNS server has a list of root name servers
>     chris> that at best are 40ms away. It is going to take A LOT more
>     chris> time to access than a root nameserver that is say.. 2ms
>     chris> away. Not to mention that most of the root nameservers
>     chris> can't answer queries all the time. Sometimes
>     chris> a.root-servers.net works great.. and other times it
>     chris> sucks. By having a root server on our network with the best
>     chris> RTT that can answer queries all the time, we bypass all
>     chris> that.
>
> This is utter nonsense.
>
> First of all, whether it takes 40ms or 2ms to answer a query is, to
> all intents and purposes, irrelevant. It might matter if you're
> running www.altavista.com and getting millions of hits a day, but this
> is not a typical site. Once a query is answered, the application has
> to Do Something: like send packets, set up a TCP connection, fork a
> new process, etc, etc. The latency of all that will usually be much
> more significant than the few ms needed to do a DNS lookup.
>

That's funny, every time I've switched from using a remote DNS to a local
caching one, I've seen a remarkable speed up. The ONLY thing that changed
is the RTT to the servers.



>
> Secondly, having a root server isn't going to "speed things up". That
> name server will continue to refer you to the .com, .net etc name
> servers. And it will keep track of the RTTs to those servers too, just
> like a non-root server does. So where's the speed up?
>

It will be authoritative for the .com and .net servers. This is for a
large network. The speed up is in the instant response so the resolvers
can go on their way in finding the zone information.

>
> Thirdly, lookups for names in the root zone are rare unless you have
> broken DNS software or have things like WINS clients looking for
> NetBIOS names in the DNS. There are easy solutions to those problems:
> like fixing the configurations and/or installing up to date DNS
> software. [Hint: name servers that support negative caching are your
> friend.]
>

If they are so rare, why does RFC 2010 call for a name server that needs
to be able to handle 1,200 UDP transactions per second?? With less than
5ms of latency. I have up to date DNS software. I actually track the BIND
versions pretty closely.


>
> Fourthly, if your name server has trouble reaching the internet root
> servers, it suggests there is a deeper problem: like poor connectivity
> or a congested network link. Having your own root server isn't going
> to fix those problems or even work around them. Your proposed root
> name server would still have problems sending out queries and getting
> the replies back.

There are no problems with our nameservers reaching the root nameservers,
this is only an attempt to improve network performance.. I'm sure that the
world can function with a 14.4 modem, but personally I prefer something a
bit faster. (You can have my 14.4 modem if you like.. It's in a box...
somewhere).

>
>
> Lastly, it is simply not true that "most of the root nameservers
> can't answer queries all the time". If it were, there would be no
> Internet because name lookup would be unreliable and unpredictable.

Oh man, when was the last time you actually had to nslookup directly from
a root name server? a.root-servers.net never answers in the late
afternoon. The other day, I had one of my techs trying to get a response from
any root name server and 1/2 of them would not reply. They all ping, but
they couldn't answer an nslookup.


>
> Most of the root name servers answer queries almost all of the time
> (save for perhaps a window of perhaps 60 seconds every few days when
> one of them gets reloaded or when the operator switches between the
> production and standby systems). The root name servers are *very*
> highly available: they have to be. Go and read RFC2010 and then think
> about how to provide a service that meets the requirements of that
> RFC. ISTR there was some interesting background on the operation of
> the root name servers on ICANN's web site.
>

I've read just about every DNS related RFC there is, I'm rather familiar
with 2010. Most of the stuff in there is just common sense. "make it
secure, and make it fast" .. actually 2010 is a good rule of thumb for
just about any high end high visibility server.


>
>     chris> I'm not sure where you get off saying that I don't know how
>     chris> DNS operates.
>
> Well it's quite clear from what you've posted that you don't really
> understand the DNS. So it's hardly surprising if someone points that
> out to you. If you say something silly in a public forum, it's not
> unreasonable to expect that to be pointed out in public too.

Yes, I really know nothing about DNS, I'm just very good at faking it.

- Chris


