[dns-operations] A dns-proxy for DNS over HTTP(s)

Paul Vixie paul at redbarn.org
Thu Aug 27 00:49:29 UTC 2015



Roland Dobbins wrote:
>
> On 27 Aug 2015, at 5:55, Paul Vixie wrote:
>
>> google's web plant runs at that speed.
>
> Not on normal hardware, in normal configurations, it doesn't, which is
> what Ralf was talking about.

i thought he was talking about the places where this scale is needed
because there actually are millions of transactions per second. i
enumerated two who could absolutely provision a plant as capable as
google's and akamai's: those were opendns, and google-dns.

let's enumerate some others, this time on the authority side. verisign
for .COM and .NET, neustar for .BIZ, afilias for .INFO, denic for .DE,
nominet for .UK and .CO.UK, are all totally capable of building
million-QPS serverplexes if that's what DNS required.

>
> Rob Graham's C10M talk from a couple of years ago is a good place to
> start in terms of how to scale.  It's still valid - and it makes it
> clear that this sort of thing (still) isn't something which can be
> easily done, replicated, and maintained.

you haven't explained why it would have to be easy. the large server
operators, recursive and authoritative, are run by companies with deep
enough pockets and teams with deep enough clue, that million-QPS is just
an engineering problem for them, not the end of the world.

if you said that million-QPS was nec'y for everybody in case all but 50
of those QPS were DDoS, then i'd want to take this discussion in a
completely different direction, and we'd end up orbiting mark andrews'
COOKIE proposal by the time it was done.

-- 
Paul Vixie


