[dns-operations] Getting rid of ISP's recursive DNS servers? (Was: Eircom "DNS Attacks" ?

Stephane Bortzmeyer bortzmeyer at nic.fr
Sun Jul 19 09:10:51 UTC 2009


On Sun, Jul 19, 2009 at 09:18:29AM +0200,
 Florian Weimer <fw at deneb.enyo.de> wrote 
 a message of 18 lines which said:

> > I wonder what do the root name server operators think about his
> > suggestion?
> 
> Uhm, what have the roots got to do with it?

Because, if any SOHO (and, why not, residential users) suddenly
starts to have its own complete resolver, the load on root name
servers (and TLD name servers) will increase (see Bill Manning's
article for actual measurements).

Cache sharing (between the clients of one ISP) is supposed to decrease
the load on authoritative name servers, after all.

> Anyway, there's a way to reduce the impact of cache poisoning even for
> large shared resolvers:
[...]
> The downside is that it doubles the number of upstream queries (or
> worse).

Another downside is that the recursive name server will have to keep a
new per-RRset variable (the number of accesses) and to update it on
each request (while, currently, just reading a value in the cache is a
read-only operation so it can be very quick).


