North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Question about strain on the A root server
That's what we thought initially. Somebody processing logfiles. Doesn't look like it though. A remote machine makes our top ten list and then stays there for days. If we block on a router level then it seems to get fixed eventually on the other end. Dirk On Sat, Apr 22, 2000 at 12:57:54PM -0400, Deepak Jain wrote: > > Depending on how the statistical distribution is falling, I would venture > a guess to say its web companies resolving their web hit's DNS. > > My logic is this: > > The number of requests in a short time is very high, and as sites generate > more and more logs the number of requests goes up. Since many of these > sites (even small ones) could easily overwhelm their ISP (in the case of a > hosting company) of their hosting company (in the case of an individual > customer)'s name servers, these guys are forced to do 100% of the queries > themselves. > > Many of these log resolvers don't have name-lookup caching anywhere near > as sophisticated as bind, and some won't maintain their cache between > different log run (picture running the logs for 10,000 virtual domains > individually -- each night). > > And/or: > > I would guess that most new unix/other os installs that are expected to > be on the net probably default talking directly to the root zone instead > of their immediate upstream ISP. (From a software point-of-view, its > easier than asking the customer what his local DNS server is, and then > having the same customer call support when his DNS doesn't work). > > Last theory is just math: > > As the number of domains goes up, the statistical probability of any > particular domain being cached in any large DNS server goes down. > (Especially if the ISP hasn't been very good about growing the size of > their BIND cache). I can see no reason why these same BIND servers won't > start making 10-15% more requests to the root servers each (on say growth > of 40-60% in the number of domains, and probably lower overall > cache/refresh times). This, with some servers doing many times that > because they are more directly affected by the increase in domains (more > and more unique domains, fewer persistent/repeat inquiries). > > > Deepak Jain > AiNET > > > On Sat, 22 Apr 2000, Dirk Harms-Merbitz wrote: > > > > > We are seeing a small number of machines that almost do DOS > > attacks so many hits are being requested. > > > > It started a few months ago. The number of machines that do > > this seems to be slowly increasing. > > > > Could this be a configuration problem in some companies new > > DNS server software? > > > > Dirk > > > > On Sat, Apr 22, 2000 at 11:56:37AM -0400, Nick Patience wrote: > > > > > > Hi all, > > > > > > Disclosure: I'm a journalist with a company called the451.com (details in > > > sig file). > > > > > > Anyhow, that said, I was talking to Network Solutions about their decision > > > to swap out the Sun box that is the A root server and change it for a more > > > powerful RS/6000 S80. Also it is using IBM servers for its new network of > > > name servers - it has already deployed 8 of the intended 12 according to the > > > company, including one brought on stream two days ago in Hong Kong. > > > > > > As most on this list probably already know, it is separating the root > > > servers from the name servers. > > > > > > Anyhow, NSI claims that the strain on the A root server has jumped from 220 > > > million 'hits' to 420 million during Q1 alone. I haven't managed to define > > > what hit is yet but intend to at some point. > > > > > > NSI seems slightly unsure as to the main reason for the increase in hits, > > > but speculates that one of the reasons may be > > > says the main reason for this is that ISP's are using different caching > > > techniques and more & more searches are going right to the top of the tree > > > than before. > > > > > > What do people on this list feel about this as a reason? It seems a little > > > woolly to me. > > > > > > Cheers, > > > > > > Nick > > > > > > -- > > > Nick Patience > > > Internet Editor & NY Dep. Bureau Chief > > > the451.com | wap.the451.com > > > T: 212 460 7131 M: 917 312 5712 F: 413 826 8217 > > > [email protected] > > > > > > > > > > >
|