[Hipsec-rg] reverse DNS lookups of HITs

oleg.ponomarev at hiit.fi (Oleg Ponomarev) Mon, 12 January 2009 21:41 UTC

From: "oleg.ponomarev at hiit.fi"
Date: Mon, 12 Jan 2009 23:41:38 +0200
Subject: [Hipsec-rg] reverse DNS lookups of HITs
In-Reply-To: <77F357662F8BFA4CA7074B0410171B6D07B0BC78@XCH-NW-5V1.nw.nos.boeing.com>
References: <77F357662F8BFA4CA7074B0410171B6D07B0BBE5@XCH-NW-5V1.nw.nos.boeing.com> <alpine.LFD.2.00.0901071641330.12787@stargazer.pc.infrahip.net> <77F357662F8BFA4CA7074B0410171B6D07B0BC6B@XCH-NW-5V1.nw.nos.boeing.com> <alpine.LFD.2.00.0901121802320.17180@stargazer.pc.infrahip.net> <77F357662F8BFA4CA7074B0410171B6D07B0BC70@XCH-NW-5V1.nw.nos.boeing.com> <alpine.LFD.2.00.0901122112420.17180@stargazer.pc.infrahip.net> <77F357662F8BFA4CA7074B0410171B6D07B0BC76@XCH-NW-5V1.nw.nos.boeing.com> <alpine.LFD.2.00.0901122213140.17180@stargazer.pc.infrahip.net> <77F357662F8BFA4CA7074B0410171B6D07B0BC78@XCH-NW-5V1.nw.nos.boeing.com>
Message-ID: <alpine.LFD.2.00.0901122313150.17180@stargazer.pc.infrahip.net>

Hi!

On Mon, 12 Jan 2009, Henderson, Thomas R wrote:

>> I guess one modern server could keep like ten million records in RAM? 
>> How many base exchanges can it do per second? Reverse DNS updates are 
>> rare anyway.
>>
>> When HIP gets widely deployed and there are millions of users, we might 
>> hope to use more resources :)
>
> This type of question is precisely what this research group's primary 
> charter is to answer, in my opinion.  What are the consequences of 
> deploying HIP on a large scale in the Internet?  If it means that we 
> will have a few root servers handling reverse DNS queries for all hosts, 
> without any aggregation, how will that architecture scale,

Sure! I would like to get more precise/supported estimations and could do 
some experiments/benchmarks with the conventional software (which is not 
optimal for this usage pattern).


> and how will the deployment incentives work?

What are the incentives to host the root-servers (e.g. f.root-servers.net 
at 46 and j.root-servers.net at 52 sites)? Internet stability? Hopefully 
the same will work for HIP when deployed.


> Or, if that turns out to be a bad idea, what are the practical 
> alternatives that allow someone to write domain-name-based ACLs?
>
> I think it would be great to gather more input on these types of
> deployment questions.

Actually, I wonder how I could use HITs without reverse domains; I don't 
want to keep random hex sequences in the memory, but it is probably just 
my feeling.

-- 
Regards, Oleg.