Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?

bert hubert <bert.hubert@netherlabs.nl> Wed, 23 July 2008 23:39 UTC

Date: Thu, 24 Jul 2008 00:49:08 +0200
From: bert hubert <bert.hubert@netherlabs.nl>
To: Mark Andrews <Mark_Andrews@isc.org>
Cc: David Conrad <drc@virtualized.org>, Ben Laurie <ben@links.org>, DNSEXT WG <namedroppers@ops.ietf.org>
Subject: Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?

On Thu, Jul 24, 2008 at 08:39:02AM +1000, Mark Andrews wrote:
> > 2) DNS has been hardened using random source ports
> 	Which does not work well for large recursive servers due
> 	to port/descriptor exhaustion.

Unsure what you refer to - this stuff has been in production for years now,
at high query levels (20-30kqps per IP address), without problems.

It takes some work, but high performance is never easy. It is a well solved
problem however (by now).

	Bert

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services
