[dns-operations] More Aggressive prefetch for popular names

Giovane Moura giovane.moura at sidn.nl
Wed Apr 10 07:42:13 UTC 2019


> So why would anyone want to prefetch popular names? You get a lot of hits
> already while the TTL expires. Preventing that one cache miss does not get
> you a lot of gain on aggregate. It appears that the benefit of prefetching
> is concentrated among 'moderately popular domains'. 
> 
> If a popular name with a low TTL has a slow / unreliable set of
> authoritative servers, why paper over that? They can either raise their TTL
> or fix their servers.

+1

Plus, let's not forget the consequences for auth servers if thousands of
resolvers start to do prefetching: if they were slow, imagine then with
prefetching from potentially thousands of clients for thousands of
domains. It can and will probably make things *worse* for the auth side.

Modern resolvers already have two built-in mechanisms to deal with slow
or unresponsive auth servers: server switching (looping through the NS
list) and retries (resending the queries).

We have seen in a controlled experiment with 15,000 vantage points what
can happen when auth servers become unresponsive (like during a DDoS):
resolvers will multiply their normal query load by 8-9 times, in an
attempt to resolve a domain. See Fig 9 in [1].

In summary: prefetching may backfire big time. By creating unnecessary
traffic, it may wind up increasing the latency for everybody.

/giovane

[1] https://www.isi.edu/~johnh/PAPERS/Moura18b.pdf