[bind10-dev] hardwiring negative cache entries

Michal 'vorner' Vaner michal.vaner at nic.cz
Sun Nov 28 10:44:49 UTC 2010 

Hello

On Sat, Nov 27, 2010 at 11:01:08PM -0800, Jerry Scharf wrote:
> The person said that 40% of their queries are for domains that don't 
> exist. This has a huge negative impact on the recursive server capacity. 
> To solve it, they have created local authoritative zones that return 
> errors and make the performance close to normal. They wanted some way to 
> do this without having to create and operate all these fake zones.

Well, I don't have experience about operating a DNS server, but I wouldn't
really be surprised by that 40%, people make typos. Therefore the goal should be
to write the server so it is not slowed down by 40%, that a negative answer
shouldn't take more time than positive.

But if I understand you correctly, you put this as an example of a feature that
nobody would probably thought of beforehead and the system should be flexible
enough to allow it at any later time without large rewrite. If so, I fully
agree.

Just what I thought the goal was is to be able to anyone to plug another layer
in front of the cache (well, in front of anything, that's what we talked about
on the f2f ‒ this is the extensibility as I understand it). So they would write
an extension that would check the domain name (assume, for the example, that by
a regexp, but that does not matter). If it did match, it would return right away
and never call the cache.

Another one would be, I think we will need a way to ensure some cache entries
are not deleted too soon (a way to hold them locked or something). If this was
there, it wouldn't be hard to just dump them into the cache at startup and keep
them locked infinitely. But that is a more hackish solution.

With regards

-- 
I still miss Windows, but my aim is getting better.

Michal 'vorner' Vaner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind10-dev/attachments/20101128/ec834ad8/attachment.bin>

More information about the bind10-dev mailing list