North American Network Operators Group
ISP network design of non-authoritative caches
I appreciate the redirect, if there is a better list, but my question is directed at network operators. namedroppers is for DNS protocols; dnsops is for operators of authoritative name servers.

The majority of users on today's Internet will never directly query any root name server, or any other authoritative name server. Instead of a set of authoritative servers, the servers which actually deliver direct DNS service to users/hosts are non-authoritative, caching servers. There are more caching name servers at the edge of the net than there are Akamai boxes in the world.

In the late 1980's and early 1990's, when the net was much more interesting (i.e. flaky, low-bandwidth, expensive circuits), network operators carefully planned where to place caching-only name servers, and configured end-systems to use the appropriate set of servers. A well-configured set of caching-only name servers can maintain the illusion of DNS for several hours, even during a network partition or loss of many authoritative name servers, at least for the "popular" names. They work so well, people forget they can still have problems.

During the boom times, ISPs couldn't individually configure millions of DNS clients. They generally told subscribers to use two statically configured name servers, or more recently used DHCP to set them. Several national ISPs, including the one I use, with millions of subscribers, appear to still do this. We know this isn't good engineering practice, because another national ISP with millions of subscribers configured their network the same way, and experienced a multi-hour service disruption affecting most of their users a couple of years ago when an error blocked access to their two caching-only name servers.

There is lots of "best practice" information for configuring authoritative name servers (including the root and TLDs): the BOG, O'Reilly, DNSOPS, RFCs, etc. There are several "managed service" companies which will maintain authoritative name servers for you. Although most of this stuff seems obvious, network providers seem to get bitten by the same obvious things over and over again.

Is there a white paper, best common practice, or book which shows the naive ISP (whether they have 10 or 10 million subscribers) how to architect their DNS system? Medium and large organizations have firewalls with internal/external DNS, which already include local caching. This seems to be mostly a large, national ISP issue. By their nature, small ISP networks tend to have "shared fate" among all of their systems anyway.
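The post contrasts two failure modes: an upstream partition, which a warm caching-only resolver rides out for as long as the cached TTLs last, and loss of reachability to the resolvers themselves, which takes every subscriber down at once. The following Python model is an added example, not part of the NANOG post or any ISP's configuration. It uses constructed zone data (the `example.` names, addresses and TTLs are made up) and a toy stub client that tries two resolvers in order, the way a statically configured subscriber host does. Real resolvers may additionally serve stale data (RFC 8767); this model honours TTLs only, which is the classical behaviour the post describes.

```python
"""Toy model of ISP caching-only resolvers under two kinds of outage.

Constructed example. Not a real resolver: no negative caching, no
retries, no serve-stale; just TTL-bounded caching and a stub client
that walks an ordered resolver list.
"""
from dataclasses import dataclass

HOUR = 3600

# Constructed "authoritative" data: name -> (address, TTL in seconds).
SAMPLE_AUTH = {
    "popular.example.": ("192.0.2.10", 24 * HOUR),  # long TTL, hit often
    "short-ttl.example.": ("192.0.2.20", 300),      # expires quickly
    "rare.example.": ("192.0.2.30", 24 * HOUR),     # never asked for before outage
}


@dataclass
class Record:
    addr: str
    expires_at: float  # absolute model time in seconds


class CachingResolver:
    """A non-authoritative caching server as seen from subscriber hosts."""

    def __init__(self, authoritative):
        self.authoritative = authoritative   # stands in for the rest of the DNS
        self.cache = {}
        self.upstream_reachable = True       # False models a network partition
        self.client_reachable = True         # False models the "blocked access" outage
        self.stats = {"hit": 0, "miss": 0, "servfail": 0}

    def resolve(self, name, now):
        rec = self.cache.get(name)
        if rec is not None and rec.expires_at > now:
            self.stats["hit"] += 1
            return rec.addr                  # answered from cache, upstream not needed
        if not self.upstream_reachable:
            self.stats["servfail"] += 1      # expired or absent, cannot refresh
            return None
        if name not in self.authoritative:
            return None                      # NXDOMAIN (negative caching not modelled)
        addr, ttl = self.authoritative[name]
        self.cache[name] = Record(addr, now + ttl)
        self.stats["miss"] += 1
        return addr


class StubClient:
    """Subscriber host with a static, ordered list of resolvers."""

    def __init__(self, resolvers):
        self.resolvers = resolvers

    def lookup(self, name, now):
        for ns in self.resolvers:
            if not ns.client_reachable:
                continue                     # timeout, move to the next server
            answer = ns.resolve(name, now)
            if answer is not None:
                return answer                # SERVFAIL also falls through to the next
        return None                          # every configured resolver failed


def run_scenarios():
    """Return lookup results for the three situations the post discusses."""
    results = {}

    # A: caches warmed by normal traffic, then the ISP loses its upstream links.
    ns1, ns2 = CachingResolver(SAMPLE_AUTH), CachingResolver(SAMPLE_AUTH)
    client = StubClient([ns1, ns2])
    client.lookup("popular.example.", 0)      # primes ns1 only (ns1 answers first)
    client.lookup("short-ttl.example.", 0)
    ns1.upstream_reachable = ns2.upstream_reachable = False
    three_hours_in = 3 * HOUR
    results["partition"] = {
        "popular": client.lookup("popular.example.", three_hours_in),
        "short_ttl": client.lookup("short-ttl.example.", three_hours_in),
        "rare": client.lookup("rare.example.", three_hours_in),
    }

    # B: upstream is fine but an error blocks subscribers from both resolvers.
    ns1, ns2 = CachingResolver(SAMPLE_AUTH), CachingResolver(SAMPLE_AUTH)
    ns1.client_reachable = ns2.client_reachable = False
    results["blocked_both"] = {
        "popular": StubClient([ns1, ns2]).lookup("popular.example.", 0),
    }

    # C: only the first resolver is unreachable; the second carries the load.
    ns1, ns2 = CachingResolver(SAMPLE_AUTH), CachingResolver(SAMPLE_AUTH)
    ns1.client_reachable = False
    results["blocked_one"] = {
        "popular": StubClient([ns1, ns2]).lookup("popular.example.", 0),
        "answered_by_ns2": ns2.stats["miss"],
    }
    return results


if __name__ == "__main__":
    for scenario, outcome in run_scenarios().items():
        print(scenario, outcome)
```

In scenario A the long-TTL name survives the partition from cache while the short-TTL and never-seen names return nothing, which is the "illusion of DNS for the popular names" the post describes. Scenario B shows why the cache cannot help when the resolvers themselves are unreachable: the outcome is independent of TTLs, and placing both servers in one failure domain turns it into the multi-hour, all-subscriber disruption the post recalls.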