[bind10-dev] BIND 10 Resolver Research

Shane Kerr shane at isc.org
Mon Jun 25 21:57:04 UTC 2012 

All,

This is an informational message to let everyone know what's going on
from the side of the BIND 10 resolver.

We've been spending our time improving the authoritative server, and
expect to release a beta at the end of September. After that, we'll
shift focus to working on the resolver.

The resolver work has 3 goals:

1. DNSSEC validation
2. Transparency
3. Performance

DNSSEC validation means actually performing NSEC and NSEC3 validation.

Transparency means being able to figure out what the server is doing
for any particular query and why. DNS resolution can be fantastically
complex, with the mapping of domains to name servers to addresses
combined with cache interactions. A smart server will also collect
client queries that are waiting for the same data at the same time. Mix
in DNSSEC and it can be quite confusing. At the very least we want BIND
10 to be able to do "query tracing" and show an administrator what the
server is doing on behalf of any particular query.

The performance issue is the one that will make the resolution problem
interesting. On the authoritative side, performance is of course
important, but even a very low-powered server can handle 10's of
thousands of queries now, and exceeds the query rate of all but a
very few servers. On the recursive side, there appears to be NO LIMIT
to the amount of performance required by large ISPs.

So, resolver performance is key. I think that there are two main
aspects that we will need to tackle to get maximum performance: 

* Raw query processing power
  This is the ability to answer questions out of cache as quickly as
  possible.

* Intelligent resolver behavior
  This is being smart about what packets to send and when, in order to
  get the very best possible cache hit rates, and otherwise minimize
  client latencies.

To do this in the best way, we need to do things differently than they
have been done before. We have ideas about the designs needed here, but
this falls squarely in the 'research' part of R&D. 

What we don't want to happen is for us to discover in October that our
ideas about how to build a resolver are still unformed. So I've asked
Jinmei to do some research over the next few months in order to give us
a better idea about the kinds of architectural options that make sense.
He'll still be working with the rest of the BIND 10 team, but his focus
will be shifting away from day-to-day development to this resolver
research over the remainder of this and part of the next sprint.

I think BIND 10 is already a really cool authoritative server, and I am
looking forward to making a truly kick-ass recursive resolver too!

Cheers,

--
Shane

More information about the bind10-dev mailing list