North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Question about strain on the A root server

  • From: Deepak Jain
  • Date: Sat Apr 22 13:01:10 2000

Depending on how the statistical distribution is falling, I would venture
a guess to say its web companies resolving their web hit's DNS. 

My logic is this: 

The number of requests in a short time is very high, and as sites generate
more and more logs the number of requests goes up.  Since many of these
sites (even small ones) could easily overwhelm their ISP (in the case of a
hosting company) of their hosting company (in the case of an individual
customer)'s name servers, these guys are forced to do 100% of the queries

Many of these log resolvers don't have name-lookup caching anywhere near
as sophisticated as bind, and some won't maintain their cache between
different log run (picture running the logs for 10,000 virtual domains
individually -- each night). 


I would guess that most new unix/other os installs that are expected to
be on the net probably default talking directly to the root zone instead
of their immediate upstream ISP. (From a software point-of-view, its
easier than asking the customer what his local DNS server is, and then
having the same customer call support when his DNS doesn't work).

Last theory is just math:

As the number of domains goes up, the statistical probability of any
particular domain being cached in any large DNS server goes down.
(Especially if the ISP hasn't been very good about growing the size of
their BIND cache). I can see no reason why these same BIND servers won't
start making 10-15% more requests to the root servers each (on say growth
of 40-60% in the number of domains, and probably lower overall
cache/refresh times). This, with some servers doing many times that
because they are more directly affected by the increase in domains (more
and more unique domains, fewer persistent/repeat inquiries).

Deepak Jain

On Sat, 22 Apr 2000, Dirk Harms-Merbitz wrote:

> We are seeing a small number of machines that almost do DOS
> attacks so many hits are being requested.
> It started a few months ago. The number of machines that do
> this seems to be slowly increasing.
> Could this be a configuration problem in some companies new
> DNS server software?
> Dirk
> On Sat, Apr 22, 2000 at 11:56:37AM -0400, Nick Patience wrote:
> > 
> > Hi all,
> > 
> > Disclosure: I'm a journalist with a company called (details in
> > sig file).
> > 
> > Anyhow, that said, I was talking to Network Solutions about their decision
> > to swap out the Sun box that is the A root server and change it for a more
> > powerful RS/6000 S80. Also it is using IBM servers for its new network of
> > name servers - it has already deployed 8 of the intended 12 according to the
> > company, including one brought on stream two days ago in Hong Kong.
> > 
> > As most on this list probably already know, it is separating the root
> > servers from the name servers.
> > 
> > Anyhow, NSI claims that the strain on the A root server has jumped from 220
> > million 'hits' to 420 million during Q1 alone. I haven't managed to define
> > what hit is yet but intend to at some point.
> > 
> > NSI seems slightly unsure as to the main reason for the increase in hits,
> > but speculates that one of the reasons may be
> > says the main reason for this is that ISP's are using different caching
> > techniques and more & more searches are going right to the top of the tree
> > than before.
> > 
> > What do people on this list feel about this as a reason? It seems a little
> > woolly to me.
> > 
> > Cheers,
> > 
> > Nick
> > 
> > --
> > Nick Patience
> > Internet Editor & NY Dep. Bureau Chief
> > |
> > T: 212 460 7131  M: 917 312 5712  F: 413 826 8217
> > [email protected]
> > 
> >