[dns-operations] DNSSEC impact on applications was Re: security-aware stub resolver
wjhns1 at hardakers.net
Tue May 27 13:41:29 UTC 2008
>>>>> On Tue, 27 May 2008 04:51:59 +0000, Paul Vixie <paul at vix.com> said:
PV> i am especially concerned about the amount of duplicated backbone and
PV> authority server traffic if every app on every host has its own full
PV> resolver which is a building block of such a validator. right now we
PV> tend to cache at least at the host level and often at the LAN level.
PV> if we go to an "every app for itself" model, i fear the
I don't think that adding app-specific caching to modern applications
will have much downside in terms of memory usage when compared to what
applications are already eating up.
In terms of added code size the static libval library from DNSSEC-Tools
near a half a meg:
-rw-r--r-- 1 hardaker group 549822 May 12 10:55 libval-threads.a
But if you're worried about data-caching itself (as you indicated) then
- We've already shown in this thread that the only net traffic increase
will between the local resolver and the application (assuming the
caching resolver would do validation if the application didn't, which
was the start of the discussion).
- Most applications these days are *huge* in size compared to anything
DNS might need to store. EG for a fairly newly running firefox 3:
3517 hardaker 20 0 197m 62m 21m S 8.0 4.1 0:28.59 firefox
Somehow I don't think DNS caching is going to make a huge increase in
those sizes. The code size is likely to be a bigger issue than the
size of the cached data.
- For small applications, most don't do a huge amount of lookups (wget,
- For small applications that actually do a huge number of lookups (web
proxies?) then the size of the cache could grow to a level that could
possibly impact the running system.
- If the device is small and the memory issue is real, then you could
always decrease the cache size so it would preform more lookups (to
the near-by caching resolver) at the trade off of speed and increased
I seriously doubt that in-application caching will cause a memory
increase that will seriously negatively affect most of the use cases
"In the bathtub of history the truth is harder to hold than the soap,
and much more difficult to find." -- Terry Pratchett
More information about the dns-operations