[dns-operations] resolver cache question

Mark Allman mallman at icir.org
Fri Nov 13 17:41:54 UTC 2020


I just finished reading a paper that basically tries to figure out
if a hostname is worth caching or not [1].  This isn't the first
paper like this I have read.  This sort of thing strikes me as a
solution in search of a problem.  The basic idea is that there are
lots of hostnames that are automatically generated---for various
reasons---and only ever looked up one time.  Then there is an
argument made that these obviously clog up resolver caches.
Therefore, if we can train a fancy ML classifier well enough to
predict these hostnames are ephemeral and will only be resolved the
once---because they are automatically generated and so have some
tells---then we can save cache space (and effort) by not caching

  - My first reaction to the notion of clogging the cache is always
    to think that surely some pretty simple LFU/LRU eviction policy
    could handle this pretty readily.  But, that aside...

  - I wonder how much this notion of caches getting clogged up
    really happens.  Could anyone help with a clue?  How often do
    resolvers evict entries before the TTL expires?  Or, how much
    over-provisioning of resolvers happens to accommodate such
    records?  I know resolver caching helps [2], but I always feel
    like I really know nothing about it when I read papers like
    this.  Can folks help?  Or, point me at handy references?

[1] https://www.sciencedirect.com/science/article/abs/pii/S1389128620312627
[2] https://www.icir.org/mallman/pubs/All20b/

Many thanks!


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 220 bytes
Desc: OpenPGP digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20201113/e7a075c9/attachment.sig>

More information about the dns-operations mailing list