Setting up a Root name server

Jim Reid jim at mpn.cp.philips.com
Mon Sep 6 09:25:42 UTC 1999


>>>>> "chris" == chris  <chris at megabytecoffee.com> writes:

    >> First of all, whether it takes 40ms or 2ms to answer a query
    >> is, to all intents and purposes, irrelevant. It might matter if
    >> you're running www.altavista.com and getting millions of hits a
    >> day, but this is not a typical site. Once a query is answered,
    >> the application has to Do Something: like send packets, set up
    >> a TCP connection, fork a new process, etc, etc. The latency of
    >> all that will usually be much more significant than the few ms
    >> needed to do a DNS lookup.

    chris> That's funny, every time I've switched from using a remote
    chris> DNS to a local caching one, I've seen a remarkable speed
    chris> up. The ONLY thing that changed is the RTT to the servers.

So what? Your resolver queries a local server instead of one on the
other side of the planet. The local server replies more
quickly. That's hardly surprising. So why don't you have lots of local
servers?

    chris> It will be authoritative for the .com and .net
    chris> servers. This is for a large network. The speed up is in
    chris> the instant response so the resolvers can go on their way
    chris> in finding the zone information.

This is just silly. Perhaps you'll configure your name servers to
slave every domain known to the DNS "to provide instant response".
If you think you need to do this, you have other deep-seated problems
in your net. [As well as a poor understanding of how the DNS works.]
Nobody else in the world needs to slave .com, .net, etc. (or feels the
need to slave them), so what makes things different for you? Really.

    >>  Thirdly, lookups for names in the root zone are rare unless
    >> you have broken DNS software or have things like WINS clients
    >> looking for NetBIOS names in the DNS. There are easy solutions
    >> to those problems: like fixing the configurations and/or
    >> installing up to date DNS software. [Hint: name servers that
    >> support negative caching are your friend.]

    chris> If they are so rare, why does RFC 2010 call for a name
    chris> server that needs to be able to handle 1,200 UDP
    chris> transactions per second?? With less than 5ms of latency.

Because they get huge numbers of queries from the (tens of?) millions
of misconfigured resolvers on the Internet. Plus at least a handful of
queries from each of the world's name servers every day or so. And
let's not overlook the zillions of name servers running prehistoric
DNS code that doesn't do negative caching. Do the sums yourself.

    chris> There are no problems with our nameservers reaching the
    chris> root nameservers, this is only an attempt to improve
    chris> network performance.

You've not identified the performance problem, far less indicated how
slaving all the top-level domains will improve things. And my point
remains: faster DNS lookups only matter when the existing DNS setup is
abysmally configured. (Unless you're running something like
www.altavista.com which is trying to do reverse lookups for each one
of the tens of millions of web hits it gets every day. And even then
there are better solutions to that than locally slaving .com or
whatever.) Once the DNS lookup is completed, other factors - like
forking a new process, consulting an access control file, setting up a
TCP/IP connection to the address just looked up, etc - present a more
significant delay or overhead to the application than the time it took
to answer a DNS query.

    >> Lastly, it is simply not true that "most of the root
    >> nameservers can't answer queries all the time". If it were,
    >> there would be no Internet because name lookup would be
    >> unreliable and unpredictable.

    chris> Oh man, when was the last time you actually had to nslookup
    chris> directly from a root name server. a.root-servers.net never
    chris> answers in the late afternoon. The other day, I had one
    chris> of my techs trying to get a response from any root name
    chris> server and 1/2 of them would not reply. They all ping, but
    chris> they couldn't answer an nslookup.

FYI, I have just queried all 13 root servers and they all answer just
fine. Admittedly it's just after 09:00 UTC. So if they don't answer
for you, the problem lies with your net and/or local DNS setup. It
might help you to know that the root servers don't recurse. [They're
only supposed to be queried by name servers, not resolvers in things
like nslookup.] Perhaps your "techs" confuse a referral answer from a
root server - "don't ask me, go query some .TLD name server" - with a
"couldn't answer" response. Maybe your techs are asking the root
servers for www.foo.com and interpret an answer containing the NS and
A records for .com as an error?

BTW why are you so obsessed with a.root-servers.net? There are
another 12 to pick from.

    chris> Yes, I really know nothing about DNS, I'm just very good at
    chris> faking it.

And you're not doing a very good job at that.
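The referral-versus-error confusion described above, as an added example that is not part of the original post or of BIND: a small RFC 1035 wire-format parser that classifies a DNS response as an answer, a referral ("go ask these servers"), NXDOMAIN, NODATA or an error, and reports whether the responder offers recursion (the RA bit). The three sample messages are constructed in-line so the script runs offline; the gtld-servers names in the referral are illustrative and stand in for whatever the root servers actually hand back.

```python
"""Tell a DNS referral apart from an error (added example, constructed data)."""
import struct

QR, AA, RD, RA = 1 << 15, 1 << 10, 1 << 8, 1 << 7   # header flag bits (RFC 1035)
TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3


def encode_name(name):
    """Dotted name -> uncompressed wire format (length-prefixed labels)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split(".") if l)
    return out + b"\x00"


def rr(name, rtype, rdata, ttl=172800):
    """One resource record in wire format."""
    return encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata


def build_response(qname, qtype, flags, rcode, answers=(), authority=()):
    """Constructed response: fixed id, one question, no name compression."""
    hdr = struct.pack("!HHHHHH", 0x1234, QR | flags | rcode, 1, len(answers), len(authority), 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    return hdr + question + b"".join(answers) + b"".join(authority)


def decode_name(data, offset):
    """Decode a name that may use compression pointers; return (name, end_offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                       # pointer to an earlier name
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def parse_response(data):
    """Parse the header, question and the three RR sections of a DNS message."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    offset, questions = 12, []
    for _ in range(qd):
        name, offset = decode_name(data, offset)
        qtype, _ = struct.unpack("!HH", data[offset:offset + 4])
        offset += 4
        questions.append((name, qtype))
    msg = {"flags": flags, "rcode": flags & 0xF, "questions": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        records = []
        for _ in range(count):
            name, offset = decode_name(data, offset)
            rtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
            offset += 10
            rdata = data[offset:offset + rdlen]
            if rtype == TYPE_NS:                        # NS rdata is itself a name
                rdata, _ = decode_name(data, offset)
            offset += rdlen
            records.append((name, rtype, rdata))
        msg[section] = records
    return msg


def classify(data):
    """Return (kind, details): 'answer', 'referral', 'nxdomain', 'nodata' or 'error'."""
    msg = parse_response(data)
    if msg["rcode"] == RCODE_NXDOMAIN:
        return "nxdomain", []
    if msg["rcode"] != RCODE_NOERROR:
        return "error", []
    if msg["answer"]:
        return "answer", [r[2] for r in msg["answer"]]
    qname = msg["questions"][0][0]
    # NS records in the authority section for a parent of the name asked about,
    # from a server that is NOT authoritative (AA clear): a delegation, not a failure.
    delegation = [r for r in msg["authority"] if r[1] == TYPE_NS and
                  (r[0] == "." or qname == r[0] or qname.endswith("." + r[0]))]
    if delegation and not msg["flags"] & AA:
        return "referral", [r[2] for r in delegation]
    return "nodata", []


def recursion_available(data):
    """True if the responder set RA, i.e. it will recurse for you. Root servers don't."""
    return bool(parse_response(data)["flags"] & RA)


# Constructed: what a root server says when asked for www.foo.com (no AA, no RA).
ROOT_REFERRAL = build_response(
    "www.foo.com.", TYPE_A, flags=0, rcode=RCODE_NOERROR,
    authority=[rr("com.", TYPE_NS, encode_name("a.gtld-servers.net.")),
               rr("com.", TYPE_NS, encode_name("b.gtld-servers.net."))])
# Constructed: a genuine "no such name" from an authoritative server.
NXDOMAIN = build_response("nosuch.example.", TYPE_A, flags=AA, rcode=RCODE_NXDOMAIN)
# Constructed: a real answer from a recursive server (RD echoed, RA set).
ANSWER = build_response("www.foo.com.", TYPE_A, flags=RD | RA, rcode=RCODE_NOERROR,
                        answers=[rr("www.foo.com.", TYPE_A, bytes([192, 0, 2, 1]))])

if __name__ == "__main__":
    for label, wire in (("root referral", ROOT_REFERRAL), ("nxdomain", NXDOMAIN), ("answer", ANSWER)):
        print(label, classify(wire), "RA" if recursion_available(wire) else "no RA")
```

A resolver that treats the first case as "couldn't answer" is the bug being described: the root server did its job, it just told the asker where to go next.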
