|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical NANOG36-NOTES 2006.02.13 talk 3 NTT labs AAAA query explosion worries
(Huge apologies in advance for any and all names I completely mangle! check http://nanog.multiply.com/ to see names/faces correctly handled by Ren. ^_^; ) Matt 2006.02.13, talk 3 NTT labs, (Steve Feldman apologizes for mangling the pronnounciation of their names). NTT information sharing platform labs (didn't get names/info from opening slide) Outline Expect increase in number of DNS queries this year Discussion effect on cache server load and user response time how can we decrease number of unnecessary queries? Today's topic we focus on increase in number of queries between users and cache servers caused by IPv6 support number of 4A queries same as that of A queries domain name completion function DN completion by OS DN completion by application IPv6 enabled OS increases 4A queries Vista will be v6 enbled by default IPv6 and OS resolver IPv6 enabled OS sends 4A queries for every name resolution BSD/Windows Sends both A and 4A queries for every name resolution currently no way to disable one or the other Domain Name Completion when a name resolution fails, both OS and APP automatically try different prefix/suffix completions. OS using these domains to complete: FreeBSD: specified by "search" in /etc/resolv.conf, distributed by DHCP Windows: configured in control panel, distributed by DHCP Applications: Mozilla: retries with www domain prefix IE searches domain using MSN search and then retries name resolutions for domains by adding .com, .org, .net, .edu. Convenient for user, perhaps, hard on nameservers. Combination in FreeBSD completions are different depending on OS FreeBSD tried domain completions for A and 4A for each case. Windows tries all 4A records first, THEN tries all A records. So IPv6 queries in Windows means even if there's an A record in v4 space, it exhausts ALL 4A possibilities FIRST, before going back to get A record. Longhorn/Vista IPv6 default enabled ALWAYS tries 4A queries first! IE7 plus Vista results in 12 DNS queries per user click, best case. Worst case, one user click results in 40 DNS queries!! Slide showing projected impact based on historical data plus projected Vista deployment. Right now, 4A queries only about 5% of queries. After Vista, size of increase could dwarf rest of DNS queries. Release of Windows Vista (IPv6 by default) doubles at least the number of user queries causes more queries in domain name completions and domain search sequences Operators cache servers should be prepared for those increases stop domain distribution to users by DHCP or PPPoE Developers of OS is current search order of resolvers appropriate? eg should "A" record be resolved before domain completion. Ed from Neustar, at microphone: before we consider this a problem, consider from point of application provider; when you need a name, you don't know what transport you may have underneath; if you wait for NXDomain, you increase latency, so app developers generally send all queries at once. What about changing DNS to allow asking for multiple questions at once? Changing application behaviour isn't likely to happen, and changing protocols isn't easy; so why not just beef up the infrastructure to handle it? Joel Yagli, UofOregon; do you know how many of those queries will need to fail over from UDP to TCP due to responses being too large to fit into a single UDP response? Most of the responses coming back don't have data, so they don't need to go to TCP. Tony Bates--what happens when v6 record is returned as valid; does the chain stop there? Also, if you flip to return A record first, we'll never to move to v6. We NEED to start resolving v6 records first, to help move the 'Net off IPv4. Applause, on to next talk.
|