[dns-operations] summary of recent vulnerabilities in DNS security.
Matt Rowley
matt at arin.net
Wed Oct 23 00:44:40 UTC 2013
Vernon Schryver wrote:
> I'm puzzled by the explanation of Socket Overloading in
> https://sites.google.com/site/hayashulman/files/NIC-derandomisation.pdf
>
> I understand it to say that Linux on a 3 GHz CPU receiving 25,000
> packets/second (500 bytes @ 100 Mbit/sec) spends so much time in
> interrupt code that low level packet buffers overflow.
>
> That puzzles me for reasons that might be summarized by considering
> my claim of 20 years ago that ttcp ran at wirespeed over FDDI with
> only 40-60% of a 100 MHz CPU.
<snip/>
Just to reinforce Vernon and Jo's points, we have DNS servers running
Linux at ARIN pushing 25~30k packets per second. Overall CPU
utilization (across all cores) is under 10%. Interrupt rates tend to be
around 15~18k per second.
cheers,
Matt