
Re: [Asrg] NXDOMAIN cache behavior, was draft-levine-iprangepub-01

2011-01-05 00:29:33
On 1/5/2011 12:13 AM, John Levine wrote:
I looked for foo.gurus.org, got an NXDOMAIN, then
queried bar.foo.gurus.org, and it went back to the authoritative server to
get the answer.

I guess I must have misunderstood.  If _that_ is how you test it, I
can't imagine a DNS server doing otherwise.

It's not a totally ridiculous idea.  There's a difference between
NODATA, which means that the name exists but has no records, and
NXDOMAIN which means the name doesn't exist.  Assuming the data are
consistent, if you see NXDOMAIN there should be no subdomains of the
name with the NXDOMAIN.  But the DNS crowd hates synthesizing answers
for reasons that strike me as mostly religious, so nobody does.

Er. But isn't this (a) whether you interpret NODATA (aka No Error) as NXDOMAIN or otherwise a DNS client library and/or DNSBL query function decision, and (b) does DNS really return "No Error" for b.a if there's no RR for b.a, but there is one for c.b.a?

All my DNSBL query code is written well "below" the gethostbyname() level of abstraction, and I always have to make a conscious decision (so far) to treat NOERROR as NXDOMAIN on DNSBLs. On DNSWLs I treat anything but an affirmative NXDOMAIN (i.e. server fail, timeout, no error) as listed.

[Most of my DNSBLs and all of my DNSWLs are served locally via a single combined A query, so a DDoS on an external DNSWL doesn't cause me to accept everything, and I get 10 DNSxL queries for (almost as little as) the price of one.]

dnscache has a fixed size outstanding query buffer (compile-time 100
queries IIRC), and throws queries away if you overflow it.

For the handful of computers that use my cache, it hasn't been a problem.

Note "handful". I'd also suggest relatively low DNS-consumptive. In my case, I'm talking about a single mail server doing 4-8 DNS queries per email, and 20-100 emails/second blowing a dnscache instance's brains out.

dnscache is fine for the average small DNS user. But if you're doing lots, it leaves something to be desired.

When I crank up the process to ASNify the past week's worth of seen IPs (6+ million) via a local copy of the routeviews zone for global metrics, it matters if you want it done in a reasonable time (I'm doing 10 minutes now). Udns or ParaDNS is a great way to break nearby caches (and consumer level routers as some people have found out to their dismay) if you're not careful.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
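The two mechanisms discussed in the message above, as an added example that is not code from the thread or from any of the posters: a negative cache that lets one NXDOMAIN cover the whole subtree beneath it (the "synthesizing" John describes, which RFC 8020 later standardised), and DNSxL client logic that keeps NXDOMAIN, NODATA, a positive answer and failures apart and applies the blocklist and allowlist policies the reply states. The zone names, IP addresses, the 127.0.0.x bitmask encoding for the combined local zone, and the list order are all constructed for this example; the post does not say how its combined A query encodes results.

```python
# Added example, not code from the ASRG thread. Names, zones, addresses and
# the combined-zone bit encoding below are constructed assumptions.
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Rcode(Enum):
    NOERROR = 0
    SERVFAIL = 2
    NXDOMAIN = 3


@dataclass(frozen=True)
class DnsResult:
    """What the client sees for one query; rcode=None models a timeout."""
    rcode: Optional[Rcode]
    a_records: tuple = ()


class NegativeCache:
    """NXDOMAIN cache whose entries cover every name below the cached name."""

    def __init__(self):
        self._nxdomain = set()

    def add_nxdomain(self, name: str) -> None:
        self._nxdomain.add(name.rstrip(".").lower())

    def covers(self, qname: str) -> bool:
        # Walk from the query name up toward the root: a cached NXDOMAIN for
        # any ancestor means qname cannot exist either (assuming the
        # authoritative data are consistent), so no upstream query is needed.
        labels = qname.rstrip(".").lower().split(".")
        return any(".".join(labels[i:]) in self._nxdomain for i in range(len(labels)))


def dnsxl_qname(ip: str, zone: str) -> str:
    """Build the reversed-octet query name for an IPv4 address under a DNSxL zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("IPv4 dotted quad expected")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".") + "."


def classify(r: DnsResult) -> str:
    """Separate the cases that gethostbyname() collapses into 'not found'."""
    if r.rcode is Rcode.NXDOMAIN:
        return "NXDOMAIN"          # name does not exist
    if r.rcode is Rcode.NOERROR:
        return "LISTED" if r.a_records else "NODATA"  # NODATA: name exists, no A
    return "ERROR"                 # SERVFAIL, timeout, ...


def dnsbl_listed(r: DnsResult) -> bool:
    """Blocklist policy: only an affirmative A answer counts; NODATA is treated
    like NXDOMAIN, and SERVFAIL/timeout is not listed (fails toward accepting)."""
    return classify(r) == "LISTED"


def dnswl_listed(r: DnsResult) -> bool:
    """Allowlist policy from the post: anything but an affirmative NXDOMAIN is
    listed. This fails open when the list is unreachable, which is why the
    post serves its DNSWLs from a local zone."""
    return classify(r) != "NXDOMAIN"


# Constructed: which list each bit of the combined zone's 127.0.0.x answer means.
COMBINED_LISTS = ("bl.example", "bl2.example", "wl.example")


def decode_combined(r: DnsResult, lists=COMBINED_LISTS) -> dict:
    """Assumed encoding for the single combined A query: the local zone answers
    127.0.0.x with bit i of the last octet set when the IP is on lists[i]."""
    bits = 0
    for a in r.a_records:
        o = [int(x) for x in a.split(".")]
        if o[:3] != [127, 0, 0]:
            raise ValueError(f"unexpected DNSxL answer {a}")
        bits |= o[3]
    return {name: bool(bits & (1 << i)) for i, name in enumerate(lists)}


if __name__ == "__main__":
    cache = NegativeCache()
    cache.add_nxdomain("foo.gurus.org")
    print("bar.foo.gurus.org covered:", cache.covers("bar.foo.gurus.org"))
    # Constructed local combined zone: one A query answers for three lists.
    zone = {dnsxl_qname("192.0.2.10", "combined.local"): DnsResult(Rcode.NOERROR, ("127.0.0.5",))}
    q = dnsxl_qname("192.0.2.10", "combined.local")
    print(q, decode_combined(zone.get(q, DnsResult(Rcode.NXDOMAIN))))
```

Note that `dnsbl_listed` and `dnswl_listed` disagree on purpose about what a SERVFAIL or timeout means: on a blocklist the safe failure is to let mail through, on an allowlist it is not, and only the local combined zone makes the allowlist policy safe against an outage of the upstream list.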