[dns-operations] More Aggressive prefetch for popular names
giovane.moura at sidn.nl
Wed Apr 10 07:42:13 UTC 2019
> So why would anyone want to prefetch popular names? You get a lot of hits
> already while the TTL expires. Preventing that one cache miss does not get
> you a lot of gain on aggregate. It appears that the benefit of prefetching
> is concentrated among 'moderately popular domains'.
> If a popular name with a low TTL has a slow / unreliable set of
> authoritative servers, why paper over that? They can either raise their TTL
> or fix their servers.
Plus, let's not forget the consequences for auth servers if thousands of
resolvers start to do prefetching: if they were slow, imagine then with
prefetching from potentially thousands of clients for thousands of
domains. It can and will probably make things *worse* for the auth side.
Modern resolvers already have two built-in mechanisms to deal with slow
or unresponsive auth servers: server switching (looping through the NS
list) and retries (resending the queries).
We have seen in a controlled experiment with 15,000 vantage points what
can happen when auth servers become unresponsive (like during a DDoS):
resolvers will multiply their normal query load by 8-9 times, in an
attempt to resolve a domain. See Fig 9 in .
In summary: prefetching may backfire big time. By creating unnecessary
traffic, it may wind up increasing the latency for everybody.
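The trade-off both messages describe (prefetching barely helps the hit rate of very popular names, helps moderately popular ones, and in every case sends more queries to the authoritative side) can be shown with a small cache model. The following is an added example, not code from the thread or from any resolver implementation. It assumes an Unbound-style trigger (a cache hit landing in the last few seconds of the TTL refreshes the record early; the window of 6 s for a 60 s TTL is an assumed value), a single resolver, and constructed client query patterns.

```python
"""Toy discrete-time model of resolver caching with and without prefetch.

Constructed example (not code from the dns-operations thread): one name with
a fixed TTL, served by one resolver that receives client queries at the times
given. Prefetching is modelled Unbound-style: a cache hit that lands in the
last PREFETCH_WINDOW seconds of the TTL triggers a refresh query to the
authoritative server while the still-valid cached answer is served.
"""
from dataclasses import dataclass


@dataclass
class ResolverCache:
    ttl: int                 # TTL of the record as published by the zone
    prefetch: bool           # whether to refresh entries before they expire
    prefetch_window: int     # refresh when remaining TTL <= this many seconds
    expires_at: int = -1     # absolute expiry time of the cached record (-1: not cached)
    auth_queries: int = 0    # queries sent to the authoritative server
    misses: int = 0          # client queries that had to wait for the auth server

    def client_query(self, now: int) -> str:
        """Handle one client query at time `now`; return 'hit' or 'miss'."""
        if now < self.expires_at:
            remaining = self.expires_at - now
            if self.prefetch and remaining <= self.prefetch_window:
                # early refresh: one extra auth query, client still answered from cache
                self.auth_queries += 1
                self.expires_at = now + self.ttl
            return "hit"
        # cache miss: the client's latency now depends on the auth server answering
        self.misses += 1
        self.auth_queries += 1
        self.expires_at = now + self.ttl
        return "miss"


def simulate(query_times, ttl=60, prefetch=False, prefetch_window=6):
    """Replay client query times through one cache; return (misses, auth_queries)."""
    cache = ResolverCache(ttl=ttl, prefetch=prefetch, prefetch_window=prefetch_window)
    for t in query_times:
        cache.client_query(t)
    return cache.misses, cache.auth_queries


def compare(query_times, **kw):
    """Miss and auth-query counts for the same client pattern under both policies."""
    no_pf = simulate(query_times, prefetch=False, **kw)
    pf = simulate(query_times, prefetch=True, **kw)
    return {
        "queries": len(query_times),
        "misses_no_prefetch": no_pf[0], "auth_no_prefetch": no_pf[1],
        "misses_prefetch": pf[0], "auth_prefetch": pf[1],
    }


# Constructed client query patterns over a 600 s window (TTL = 60 s):
POPULAR = list(range(0, 600, 1))      # one client query every second
MODERATE = list(range(0, 600, 55))    # a query every 55 s, just inside the TTL
RARE = list(range(0, 600, 200))       # a query every 200 s, well past the TTL

if __name__ == "__main__":
    for label, times in [("popular", POPULAR), ("moderate", MODERATE), ("rare", RARE)]:
        print(label, compare(times))
```

For the popular name the hit rate is already about 98% without prefetching; prefetching removes nine misses out of 600 queries while raising auth queries from 10 to 12. For the moderately popular name the miss count drops from 6 to 1, but auth queries almost double (6 to 11). The rare name is unchanged. Multiply the auth-query column by the number of resolvers that adopt the policy to see what the authoritative side absorbs; the model does not include the retry and server-switching amplification that occurs once those servers stop answering.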