[dns-operations] Google Public DNS and round robin records

Vernon Schryver vjs at rhyolite.com
Sun Jul 22 18:26:19 UTC 2012


> From: Paul Vixie <paul at redbarn.org>

> and now that we've got DNS RPZ it's possible to have the "safety"


} On 2012-07-22 5:03 PM, Mark Jeftovic wrote:
} > Yes you can run your own resolvers where you can better control all
} > this stuff, but often times you cannot control that your remote clients
} > actually use it  ...


} From: Paul Vixie <paul at redbarn.org>

} this seems to be a call for a lightweight resolver that can live in
} every laptop desktop and smartphone.

When you talk about RPZ and so things like 33 MBytes for the BIND9.9
compressed version of the rpz.spamhaus.org zone, I wonder if
"lightweight" applies.

On the other hand, today if your DNS server is not answering more than
100 requests/second, it probably qualifies as a lightweight application.
Just now on my own system I see firefox has 590 MBytes total, 350
MBytes resident, and 3 CPU minutes after only a couple hours and perhaps
300 fetches of fewer than 10 web pages.  (I'm wrestling with cgi).
Named (BIND) is authoritative for a few zones and generates about 50
MBytes of log files per day.  That's not much but it's far more than
a resolver in almost any laptop, desktop, or smartphone.  After running
for days it has only 143 MBytes, 66 MBytes resident, and 8 CPU minutes.

In other words, why not run whatever is your favorite DNS resolver
configured with fewer threads, small task pools, reduced max TTL, etc.?

A problem with that might be the increased load on authoritative
servers due to caching dispersed among zillions of clients, but
that is unrelated to resolver weight.

A local resolver would not (well, need not) hurt security and
might answer some of the DNS security issues.


Or at least reasonable resolvers in CPE such as DSL and cable modems.


Vernon Schryver    vjs at rhyolite.com
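A starting point for the "fewer threads, small task pools, reduced max TTL" local resolver suggested above, written as an added BIND 9 named.conf example (not from the thread or its authors). The limits are assumed values to tune per host, and the thread count is set on the command line (named -n 1) rather than in this file:

```conf
// Small local-only recursive resolver (example added here, not from the
// thread; the numeric limits are assumptions, adjust them for your host).
options {
    directory "/var/cache/bind";

    // Serve only the machine itself, so nothing on the LAN or the Internet
    // can use this host as an open resolver.
    listen-on    { 127.0.0.1; };
    listen-on-v6 { ::1; };
    allow-query     { localhost; };
    allow-recursion { localhost; };
    recursion yes;

    // Small task pool: a laptop needs far fewer simultaneous recursive
    // lookups than a campus resolver (BIND default is 1000).
    recursive-clients 100;
    max-cache-size 16M;

    // Reduced maximum TTLs: cached answers expire sooner, which keeps the
    // cache small and fresh at the cost the post notes, more queries to
    // authoritative servers.
    max-cache-ttl  3600;   // positive answers, seconds
    max-ncache-ttl 300;    // negative (NXDOMAIN) answers, seconds

    // Validate DNSSEC on this host so forged answers arriving over the
    // network are rejected locally instead of trusted blindly.
    dnssec-validation auto;
};
```

Thread count is a named command-line option in BIND 9 (`named -n 1` starts a single worker thread), not a named.conf setting.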
