[dns-operations] A dns-proxy for DNS over HTTP(s)
Roland Dobbins
rdobbins at arbor.net
Wed Aug 26 22:53:49 UTC 2015
On 27 Aug 2015, at 5:55, Paul Vixie wrote:
> google's web plant runs at that speed.
Not on normal hardware, in normal configurations, it doesn't, which is
what Ralf was talking about.
And that's without the complication of keeping DNS-specific DDoS attack
traffic off the servers (yes, RRL is great, but it isn't a panacea).
Also, I think Ralf made a typo and dropped an 's' - e.g., 'millions' (he
can confirm or deny).
> my laptop can do thousands of dns-over-http queries per second between
> two VMs.
Yes, there (hopefully) aren't any DNS-specific DNS DDoS attacks pounding
the VMs on your laptop, heh.
;>
Rob Graham's C10M talk from a couple of years ago is a good place to
start in terms of how to scale. It's still valid - and it makes it
clear that this sort of thing (still) isn't something which can be
easily done, replicated, and maintained.
This 12M claim looks great, until we actually look at the values in the
table for the 12M column:
<https://mrotaru.wordpress.com/2013/06/20/12-million-concurrent-connections-with-migratorydata-websocket-server/>
<https://mrotaru.wordpress.com/2013/10/10/scaling-to-12-million-concurrent-connections-how-migratorydata-did-it/>
Just to set expectations properly, not that much has changed in the last
two years.
There's all kinds of great stuff one can do with DPDK, et al. But that
isn't what most people can implement/use, even today. And that's
without DDoS attacks.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>