North American Network Operators Group


Re: DNS - connection limit (without any extra hardware)

  • From: Luke C
  • Date: Mon Dec 11 11:03:30 2006

Of course, my company is working on two main tasks:
the first team is focused on discovering what the virus is, and what the best anti-virus is.
Meanwhile, my team has already scaled our DNS service by doubling the number of DNSs.

I'm not completely satisfied by the "scaling solution": I wish to find a solution that could grant a good quality of service without placing a lot of DNS in my web-farms.

Thanks
Best Regards

Luke

On 12/8/06, Matt Ghali <[email protected]> wrote:
> On Fri, 8 Dec 2006, Simon Waters wrote:
>
> > I suspect complex rate limiting may be nearly as expensive as providing DNS
> > answers with Bind9.
>
> Indeed. It is generally accepted that it is easier to simply scale
> your service to provide adequate headroom than implement per-client
> traffic policies.
>
> of course, you could also work on cleaning up the mess, but I will
> charitably assume you are working the problem from both directions
> simultaneously.
>
> matto
>
> [email protected]<darwin><
>    Moral indignation is a technique to endow the idiot with dignity.
>                                                  - Marshall McLuhan