Re: DNS when target services are unavailable (was: Re: Transitioning IETF DNS services)
Mark Andrews <Mark_Andrews@isc.org> Fri, 14 December 2007 00:54 UTC
Return-path: <ietf-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1J2yoh-0003DP-Nh; Thu, 13 Dec 2007 19:54:15 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1J2yof-0003Bt-S1 for ietf@ietf.org; Thu, 13 Dec 2007 19:54:13 -0500
Received: from mx.isc.org ([2001:4f8:0:2::1c]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J2yod-0007Bf-GP for ietf@ietf.org; Thu, 13 Dec 2007 19:54:13 -0500
Received: from farside.isc.org (farside.isc.org [IPv6:2001:4f8:3:bb::5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "farside.isc.org", Issuer "ISC CA" (verified OK)) by mx.isc.org (Postfix) with ESMTP id 4DC7411401E for <ietf@ietf.org>; Fri, 14 Dec 2007 00:54:10 +0000 (UTC) (envelope-from Mark_Andrews@isc.org)
Received: from drugs.dv.isc.org (localhost.isc.org [IPv6:::1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "drugs.dv.isc.org", Issuer "ISC CA" (verified OK)) by farside.isc.org (Postfix) with ESMTP id 61BEDE6076 for <ietf@ietf.org>; Fri, 14 Dec 2007 00:54:10 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (8.14.2/8.14.1) with ESMTP id lBE0s2VL089343; Fri, 14 Dec 2007 11:54:02 +1100 (EST) (envelope-from marka@drugs.dv.isc.org)
Message-Id: <200712140054.lBE0s2VL089343@drugs.dv.isc.org>
To: John C Klensin <john-ietf@jck.com>
From: Mark Andrews <Mark_Andrews@isc.org>
In-reply-to: Your message of "Thu, 13 Dec 2007 13:44:02 CDT." <084ECD0FA962ACBB1CD8C0E8@p3.JCK.COM>
Date: Fri, 14 Dec 2007 11:54:02 +1100
X-Spam-Score: -1.4 (-)
X-Scan-Signature: f4c2cf0bccc868e4cc88dace71fb3f44
Cc: dcrocker@bbiw.net, ietf maillist <ietf@ietf.org>
Subject: Re: DNS when target services are unavailable (was: Re: Transitioning IETF DNS services)
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org
> > On Thu, Dec 13, 2007 at 11:25:27AM -0500, > > John C Klensin <john-ietf@jck.com> wrote > > a message of 40 lines which said: > > > >> IMO, it would be really helpful if relevant WGs or other > >> groups concerned with DNS operations and configurations would > >> take the question up again, review it, and make some sort of > >> definitive contemporary statement (even if that were only "it > >> depends" with an explanation of the tradeoffs). > > > > An important reason why we SHOULD have DNS reliability > > (including geographical variety) even if service X is down is > > because there are several services, not just the Web. OK, if > > the Web site is down, it is not *too* important (but it is > > important, for the reasons you mention) if I cannot resolve > > www.ietf.org but email, jabber, etc, continue to live and need > > the DNS. > > This is consistent with my instincts (and has been for many > years), but Dave is not the first person to take the other > position. And it is a essentially very bad position to take. The DNS was designed to handle many more "connections" per second than any TCP based server can handle but to achieve that it needs to get it needs to be able to find a working server for every zone it is querying. If it doesn't the list of outstand recursive queries quickly becomes a resource issue on the caching server as the amount of time connection state needs to be remembered goes from sub second to multi second. If everyone took the attitude that if the services pointed to by the DNS are offline then the DNS can be offline then the DNS just would not work. Luckily most don't or we would have a "tragesty of the commons" here. DNS servers are also often a shared shared resource for thousands if not hundreds of thousands of clients machines. This means that lookup failures don't just affect the user making the lookup. They are cumulative and affect all the users of the shared resource. We see these effects with spam runs which use host names which point to lame / non-existant servers so this is not just idle speculation. If the DNS lookup succeeds then the impact of the failure moves away from the shared resource and back towards individual resources (browers) or to shared resources which don't have the volume of lookups (MTAs) and have different failure recovery strategies (store to disk rather than in memory of a caching server). Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- Transitioning IETF DNS services Ray Pelletier
- Re: Transitioning IETF DNS services Mr. James W. Laferriere
- Re: Transitioning IETF DNS services Mark Andrews
- Re: Transitioning IETF DNS services Brian Dickson
- Re: Transitioning IETF DNS services Mark Andrews
- Re: Transitioning IETF DNS services Dave Crocker
- Re: Transitioning IETF DNS services Bill Manning
- Re: Transitioning IETF DNS services Mark Andrews
- Re: Transitioning IETF DNS services Russ Housley
- Re: Transitioning IETF DNS services Daniel Brown
- DNS when target services are unavailable (was: Re… John C Klensin
- Re: DNS when target services are unavailable (was… Stephane Bortzmeyer
- Re: DNS when target services are unavailable (was… John C Klensin
- Re: DNS when target services are unavailable Dave Crocker
- Re: DNS when target services are unavailable (was… Mark Andrews
- Re: Transitioning IETF DNS services Ray Pelletier
- Re: Transitioning IETF DNS services Ray Pelletier
- Re: Transitioning IETF DNS services Ray Pelletier