[dns-operations] root? we don't need no stinkin' root!

Paul Ebersman list-dns-operations at dragon.net
Tue Nov 26 17:46:57 UTC 2019

ebersman> Actually, it's a great argument for longer TTLs and caching
ebersman> doing what they're supposed to.

jim> It would be if the root only got queries from well behaved
jim> recursive resolvers. But we both know Paul that simply isn't true.

jim> Well over 90% of the query traffic at the root has no reason to be
jim> going there at all. For instance stub resolvers that don't care
jim> about TTLs or do any sort of caching, Chrome's 10-character nonce
jim> strings to detect NXDOMAIN rewriting, CPE querying for .home,
jim> enterprises leaking queries for .corp, etc, etc.

You cut off the last line of my post:

ebersman> But compared to a large corp DNS server farm, the root servers
ebersman> shovel a lot of bits. Some of it even valid DNS queries and
ebersman> responses. ;)

Yes. Most of it is crap and the normal DNS rules don't apply. But TTLs
and caching do help (less with root than TLD due to garbage problem) and
the orders of magnitude differences in size of traffic between root/TLD
and large recursive farms is still valid.

We started this with "what's a lot of traffic" and I think you and I
would agree defining "lots" is very dependent on what DNS role you play.

And we've both been around long enough to agree that even if well
behaved and well designed DNS start shifting to local root and similar,
there's enough just crap and enough legacy/old folks needing traditional
root that we're going to be upgrading the traditional root architecture
for a long long time.

But every bit helps, so local root, saner TTLs, solid caching layer are
all still worth building as well.

More information about the dns-operations mailing list