Why forwarding is a Bad Thing

Simon Waters Simon at wretched.demon.co.uk
Fri Mar 23 12:00:49 UTC 2001


Jim Reid wrote:
> 
>     Simon> And what about ns_root.c in BIND 9 - hard wiring in some
>     Simon> nominum preferred root servers tsck.
> 
> They are not "Nominum preferred", they *are* the root servers. I
> suppose Nominum prefers them, just like everyone else does. Well apart
> from the crazies who set up their own rival Internet roots.

I was referring to companies using their own root servers internally -
not the crazies who think they can usurp ICANN and still not break the
Internet. 

Just seems to me that this is just the kind of stuff my programs used to
get kicked out at source code review for hard coding, kind of defeats
the point of a "root hints" file. 

Okay we all got tired of questions on root hints - but at least they had
to read some documentation.
 
>     >> [8] A name server will usually be quicker resolving things for
>     >> itself than forwarding the queries elsewhere for resolving.
> 
>     Simon> You got figures for that - I've got the opposite - to as
>     Simon> much as 1/3rd second per lookup. You're ignoring caching -
>     Simon> that is the whole point of using forwarders.
> 
> True, I did ignore caching. The benefits are dubious: your claimed
> third of a second speed up is unlikely to matter. Try running a
> forwarding and non-forwarding name server. Can you really tell the
> difference in lookup times unless you measure them with a stop watch?

I think I can tell the difference in terms of needing to reload pages -
but that is subjective and I prefer objective measures on my performance
testing.

The third of a second was a "near" worst case scenario as a spin off
from a DNS survey. It is rare somebody asked for the name servers for
500 sites sequentially (Except perhaps people sending bulk e-mail), but
then people don't usually stop at asking for the name servers they
usually ask for MX records or whatever from those nameservers, which
would have made the timings worse for people using the root name
servers.

We are talking about several minutes extra doing DNS lookup for mailing
lists of a few hundreds of entries, this is a substantial proportion of
the time taken to deliver to such a mailing list.

But you also have to be careful of assumptions - viewing a web page
these days can involve many DNS lookups covering adverts and preference
tracking rather than just the one. So drop in a couple of 2 second waits
and you're back to a world wide wait.

I suspect you are right as far as internal forwarders within a company
go - I doubt the cache in most companies is large enough to make a
difference - and when they start shipping data over expensive
international internal links as opposed to cheaper local Internet links
to look up geographically close data, well that sounds problematic. I
guess I'm focusing on forwarding to ISP name servers - if your ISP is
big enough to do DNS well, and to build a large cache.

>     >> target server has to be configured with the details of every
>     >> apex zone in the internal name space. This can be very messy to
>     >> set up and maintain. And it probably won't be documented....
> 
>     Simon> You're losing me here. As opposed to what? Configuring every
>     Simon> zone to be zone transferred?
> 
> No, letting the name servers find out things for themselves.

You're still losing me - what configuration are you thinking of?
 
-- 
Want to learn about Linux? Get it installed?
Devon and Cornwall LUG Event for UK Linux Day 
Exeter University - Sunday April 29th 2001 10:00 to 17:00
www.linuxday.org.uk or join D&C LUG www.lug.termisoc.org

