Setting up a Root name server

chris chris at megabytecoffee.com
Mon Sep 6 17:29:01 UTC 1999



Jim Reid wrote:

> >>>>> "chris" == chris  <chris at megabytecoffee.com> writes:
>
>     >> First of all, whether it takes 40ms or 2ms to answer a query
>     >> is, to all intents and purposes, irrelevant. It might matter if
>     >> you're running www.altavista.com and getting millions of hits a
>     >> day, but this is not a typical site. Once a query is answered,
>     >> the application has to Do Something: like send packets, set up
>     >> a TCP connection, fork a new process, etc, etc. The latency of
>     >> all that will usually be much more significant than the few ms
>     >> needed to do a DNS lookup.
>
>     chris> That's funny, every time I've switched from using a remote
>     chris> DNS to a local caching one, I've seen a remarkable speed
>     chris> up. The ONLY thing that changed is the RTT to the servers.
>
> So what? Your resolver queries a local server instead of one on the
> other side of the planet. The local server replies more
> quickly. That's hardly surprising. So why don't you have lots of local
> servers?
>

We already have lots of local servers: 6 servers, 4 authoritative
and 2 resolvers. I would like to do everything I can to speed up the
resolvers and provide our customers with the fastest possible service.

>
>     chris> It will be authoritative for the .com and .net
>     chris> servers. This is for a large network. The speed up is in
>     chris> the instant response so the resolvers can go on their way
>     chris> in finding the zone information.
>
> This is just silly. Perhaps you'll configure your name servers to
> slave every domain known to the DNS "to provide instant response".
> If you think you need to do this, you have other deep-seated problems
> in your net. [As well as a poor understanding of how the DNS works.]
> Nobody else in the world needs to slave .com, .net, etc (or feels the
> need to slave them), so what makes things different for you? Really.
>

Slave? Who said anything about slave? I see the word "Authoritative" in
that paragraph.

>
>     >>  Thirdly, lookups for names in the root zone are rare unless
>     >> you have broken DNS software or have things like WINS clients
>     >> looking for NetBIOS names in the DNS. There are easy solutions
>     >> to those problems: like fixing the configurations and/or
>     >> installing up to date DNS software. [Hint: name servers that
>     >> support negative caching are your friend.]
>
>     chris> If they are so rare, why does RFC 2010 call for a name
>     chris> server that needs to be able to handle 1,200 UDP
>     chris> transactions per second?? With less than 5ms of latency.
>
> Because they get huge numbers of queries from the (tens of?) millions
> of misconfigured resolvers on the Internet. Plus at least a handful of
> queries from each of the world's name servers every day or so. And
> let's not overlook the zillions of name servers running prehistoric
> DNS code that doesn't do negative caching. Do the sums yourself.
>

I'm sure you are happy with good enough, I personally like to try to make
things faster and work better.

>
>     chris> There are no problems with our nameservers reaching the
>     chris> root nameservers, this is only an attempt to improve
>     chris> network performance..
>
> You've not identified the performance problem, far less indicated how
>

There isn't a problem.

> slaving all the top-level domains will improve things. And my point
>

I'm not slaving.

> remains: faster DNS lookups only matter when the existing DNS setup is
>

You are full of shit on that one. Faster DNS lookup is one of the key
things that makes an internet connection fast.

> abysmally configured. (Unless you're running something like
> www.altavista.com which is trying to do reverse lookups for each one

As I've said in a few other posts. Yes we are running sites like
altavista. Yes we do have a ton of traffic. If one of our customers wants
to resolve the 50 million hits a day they get, then we are going to make
sure they can do it.

>
> of the tens of millions of web hits it gets every day. And even then
> there are better solutions to that than locally slaving .com or
> whatever.) Once the DNS lookup is completed, other factors - like
> forking a new process, consulting an access control file, setting up a
> TCP/IP connection to the address just looked up, etc - present a more
> significant delay or overhead to the application than the time it took
> to answer a DNS query.
>

I work with what I can control. I run the DNS servers here, and I would
like to do what I can to make things as fast as possible with the
resources available.

>
>     >> Lastly, it is simply not true that "most of the root
>     >> nameservers can't answer queries all the time". If it were,
>     >> there would be no Internet because name lookup would be
>     >> unreliable and unpredictable.
>
>     chris> Oh man, when was the last time you actually had to nslookup
>     chris> directly from a root name server. a.root-servers.net never
>     chris> answers in the late afternoon. The other day, I had one
>     chris> of my techs trying to get a response from any root name
>     chris> server and 1/2 of them would not reply. They all ping, but
>     chris> they couldn't answer an nslookup.
>
> FYI, I have just queried all 13 root servers and they all answer just
> fine. Admittedly it's just after 09:00 UTC. So if they don't answer
> for you, the problem lies with your net and/or local DNS setup. It
>

Since when does using nslookup to query a root server have anything to do
with local DNS setup? And as for my network, I'm proud to say that I'm
sitting on one of the better networks in Southern California.

> might help you to know that the root servers don't recurse. [They're

Yeah, we covered this about 3 days ago.. I think just about everyone
reading this newsgroup knows how root nameservers function to that degree.

>
> only supposed to be queried by name servers, not resolvers in things
> like nslookup.] Perhaps your "techs" confuse a referral answer from a
>

No, it's more like you type in nslookup, set server to a root server that
you KNOW is geographically close to you, send it a query and get no
response. Then you try another root server and still get no response. When
this came up it was at about 6pm on a weekday.. and I'm sure the internet
was really cramped at that hour. But the fact still remains: if I can get
a root server on my network, and get our local nameservers to query it, and
have our customers' nameservers query it, it will speed things up. I don't
know how much it will speed things up but I would like to find out, since
no one seems to have done this before.

> root server - "dont ask me, go query some .TLD name server" - with a
> "couldn't answer" response. Maybe your techs are asking the root
> servers for www.foo.com and interpret an answer containing the NS and
> A records for .com as an error?

>
> BTW why are you so obsessed with a.root-servers.net? There are
> another 12 to pick from.
>

Really?? Wow..

>
>     chris> Yes, I really know nothing about DNS, I'm just very good at
>     chris> faking it.
>
> And you're not doing a very good job at that.

I promise I'll try harder.
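As an added illustration of the referral point raised in the thread (this is not code from either poster): a small Python classifier that reads a raw DNS reply the way a resolver does and tells a root-server referral (NOERROR, empty answer section, NS records in the authority section) apart from an NXDOMAIN or a real answer. The sample replies, including the www.foo.com question and the .com name server it points at, are constructed inline for the demo.

```python
import struct
QR, AA = 0x8000, 0x0400                                   # header flag bits, RFC 1035 4.1.1
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    # Dotted name -> uncompressed DNS labels; "" or "." encodes the root
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_response(qname, flags, rcode, authority=()):
    # Constructed reply: one A/IN question, no answers, NS RRs in the authority section
    msg = struct.pack("!HHHHHH", 0x1234, QR | flags | rcode, 1, 0, len(authority), 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)  # question: <qname> A IN
    for owner, ns in authority:
        rdata = encode_name(ns)
        msg += encode_name(owner) + struct.pack("!HHIH", 2, 1, 172800, len(rdata)) + rdata
    return msg

def decode_name(msg, off):
    # Returns (dotted name, offset past it); follows compression pointers (0xC0xx)
    labels = []
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                             # a pointer ends the name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            return ".".join(labels + [decode_name(msg, ptr)[0]]), off + 2
        off += 1
        if ln == 0:
            return ".".join(labels) + ".", off
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln

def classify(msg):
    # Returns (kind, delegation owner); "referral" = NOERROR + no answer + NS in authority
    flags, qd, an, ns, _ar = struct.unpack("!HHHHH", msg[2:12])
    if flags & 0xF:
        return RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF)), None
    if an:
        return "answer", None
    off = 12
    for _ in range(qd):                                   # skip the question section
        off = decode_name(msg, off)[1] + 4
    for _ in range(ns):                                   # scan the authority section
        owner, off = decode_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 2:
            return "referral", owner                      # "go ask the servers for <owner>"
    return "nodata", None

ROOT_REFERRAL = build_response("www.foo.com", 0, 0, [("com", "a.gtld-servers.net")])  # constructed
NXDOMAIN = build_response("nosuch.foo.com", AA, 3)                                     # constructed
```

A referral is a successful reply, not a failure: the resolver's next step is to repeat the query at the servers named in the authority section.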
