[dns-operations] Getting rid of ISP's recursive DNS servers? (Was: Eircom "DNS Attacks" ?

Suzanne Woolf woolf at isc.org
Sun Jul 19 13:43:52 UTC 2009

On Sun, Jul 19, 2009 at 11:50:47AM +0200, Florian Weimer wrote:
> * Stephane Bortzmeyer:
> > Because, if any SOHO (and, why not, residential users) suddenly
> > starts to have its own complete resolver, the load on root name
> > servers (and TLD name servers) will increase (see Bill Manning's
> > article for actual measurements).
> I was under the impression that the root load consists mostly of junk
> queries for non-existing parts of the tree.  Aren't those mostly
> random and therefore not subject to caching anyway?

The current root load consists mostly (90+%) of queries for which
NXDOMAIN is the offered answer. Some clients do negative caching
properly, some don't, so it's hard to quantify the benefit.

Further, root server operations massively over-provision for current
or reasonably foreseen "legitimate" traffic in anticipation of DDoS.

The measurements offered are a good start (see also the references in
the article for more, IIRC the most recent strictly empirical paper
cited is 2002). It would be nice to have more data, however,
particularly in view of not only increasing the size of root responses
with DNSSEC, but possible changes in localization of names queried if
the number of TLDs expands significantly under ICANN's new gTLD and
IDN deployment plans. I'm particularly curious about a scenario where
some combination of new gTLDs and IDNs shifts significant load away
from one or two of the current gTLDs and onto multiple new ones.


More information about the dns-operations mailing list