[dns-operations] A dns-proxy for DNS over HTTP(s)

Roland Dobbins rdobbins at arbor.net
Wed Aug 26 22:53:49 UTC 2015

On 27 Aug 2015, at 5:55, Paul Vixie wrote:

> google's web plant runs at that speed.

Not on normal hardware, in normal configurations, it doesn't, which is 
what Ralf was talking about.

And that's without the complication of keeping DNS-specific DDoS attack 
traffic off the servers (yes, RRL is great, but it isn't a panacea).

Also, I think Ralf made a typo and dropped an 's' - e.g., 'millions' (he 
can confirm or deny).

> my laptop can do thousands of dns-over-http queries per second between 
> two VM's.

Yes, there (hopefully) aren't any DNS-specific DNS DDoS attacks pounding 
the VMs on your laptop, heh.


Rob Graham's C10M talk from a couple of years ago is a good place to 
start in terms of how to scale.  It's still valid - and it makes it 
clear that this sort of thing (still) isn't something which can be 
easily done, replicated, and maintained.

This 12M claim looks great, until we actually look at the values in the 
table for the 12M column:



Just to set expectations properly, not that much has changed in the last 
two years.

There's all kinds of great stuff one can do with DPDK, et. al.  But that 
isn't what most people can implement/use, even today.  And that's 
without DDoS attacks.

Roland Dobbins <rdobbins at arbor.net>

More information about the dns-operations mailing list