[dns-operations] Force TCP for external queries to Open Resolvers?

Xun Fan xunfan at isi.edu
Sun Mar 31 16:57:38 UTC 2013


On Sun, Mar 31, 2013 at 8:35 AM, Jim Reid <jim at rfc1035.com> wrote:

> On 31 Mar 2013, at 15:20, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>
> > On Sun, Mar 31, 2013 at 01:32:13PM +0100,
> > Jim Reid <jim at rfc1035.com> wrote
> > a message of 23 lines which said:
> >
> >> Keeping state for bazillions of DNS TCP connections to a resolving
> >> server will present further challenges.
> >
> > Only the DNS people think that. The HTTP people are used to many TCP
> > connections to manage and do not think it is impossible.
>
> I'm sure they do.
>
> But I wonder if their notion of "many TCP connections" is the same as a
> DNS guy's. It would be good to get some actual numbers here: peak and
> steady state of HTTP(S) connections for the busiest web farms and the same
> for DNS, assuming the current UDP traffic to a decent root or TLD server
> all went over TCP.
>
> If web-land has already solved this problem, then of course that knowledge
> should be applied to DNS operations.
>

I agree that administrators of open resolvers may need some homework.
If they think their resolvers are serving many necessary queries from
external networks, then obviously they will do nothing to their resolvers.
But for those open resolvers that are going to become "closed", there won't
be many external queries, thus the administrators may be willing to turn to
TCP mode for a small number of necessary external queries, instead of shutting
all external service down.