North American Network Operators Group


Re: DNS Query Question

  • From: Dennis Dayman
  • Date: Thu Jan 18 15:14:00 2007


David Ulevitch wrote:

Dennis Dayman wrote:

I have a customer having some DNS issues. They have done some research
regarding some DNS timeout errors they saw with Verizon's sender verify
looking up their MX records. What they have discovered is their current
DNS service has a 1% failure/timeout rate. They are exploring other
vendors (UltraDNS for one), but need an estimate of the number of DNS
queries for accurate pricing to put together an ROI argument for the
switch.


I have no IDEA if this can be determined, but what is a good estimate of
the number of DNS queries generated from sending an email?

That's not a good tack to take to figure out the answer.


Just check the logs of your current DNS server and count 'em up.

UltraDNS isn't cheap. But neither is downtime, I suppose.

Here's what Chuq figured.


If I’m sending from my machine to your machine, here’s what I think is the right sequence.

HELO foo.com (generates a call to the IP of the socket to compare to foo.com)

It’s also going to look up foo.com to make sure it resolves.

MAIL-FROM – it’ll look up the domain to make sure it exists, I believe.

So I think the baseline is 3, plus whatever anti-spam a site might use: DKIM, Sender-ID, SPF all generate at least a lookup of a TXT record, and depending on how they’re implemented, maybe an A. Some of the anti-spam stuff might pull MX to verify a return path exists, too.

I’d say the minimum is 3, max is around 8, assuming nothing cached anywhere, for a new connection with one email sent. Multiple emails on a connection helps, and pipelining helps more (but individually optimized emails hose that); client side caching helps a lot but we can’t depend on it.

If they want to send a message back (DSN, say), that’s going to pull the A record, then the MXes, and then for each MX, I believe it does a reverse lookup to get the name, and that iterates for every MX until sent or you run out of MXes.

-Dennis
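
Counting queries from the authoritative server's own logs, as suggested in the thread, could look like the following. This is an added example, not code from any poster; it assumes BIND 9-style query log lines with timestamps (the thread names no server software), and the zone name, client addresses and log lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed BIND 9 querylog layout with timestamps; the thread names no server software.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?"
    r"client (?:@\S+ )?(?P<client>[0-9A-Fa-f.:]+)#\d+(?: \(\S+\))?: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

# Constructed sample: example.com zone, documentation-range client addresses.
SAMPLE_LOG = """\
18-Jan-2007 15:00:00.101 queries: info: client 192.0.2.10#32768: query: example.com IN MX +
18-Jan-2007 15:00:00.350 queries: info: client 192.0.2.10#32769: query: mail.example.com IN A +
18-Jan-2007 15:00:12.020 queries: info: client 198.51.100.7#40122: query: example.com IN TXT +
18-Jan-2007 15:00:12.400 queries: info: client 198.51.100.7#40123: query: example.com IN MX +
18-Jan-2007 15:00:30.900 queries: info: client 203.0.113.5#5353: query: other.test IN A +
18-Jan-2007 15:00:45.000 general: info: zone example.com/IN: loaded serial 2007011801
18-Jan-2007 15:01:00.777 queries: info: client 192.0.2.10#32770: query: mail.example.com IN A +
"""

def summarize(log_text, zone):
    """Count queries for `zone` (and names under it) and extrapolate to 30 days."""
    zone = zone.lower().rstrip(".")
    by_type, stamps, skipped = Counter(), [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # not a query line (zone loads, errors, ...)
            continue
        qname = m["qname"].lower().rstrip(".")
        if qname != zone and not qname.endswith("." + zone):
            continue              # query for some other zone on the same server
        by_type[m["qtype"]] += 1
        stamps.append(datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S"))
    total = sum(by_type.values())
    window = (max(stamps) - min(stamps)).total_seconds() if len(stamps) > 1 else 0
    # Linear extrapolation from the observed window; a longer log gives a better estimate.
    per_month = round(total / window * 86400 * 30) if window else None
    return {"total": total, "by_type": dict(by_type),
            "skipped": skipped, "per_month": per_month}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "example.com"))
```

The per-type breakdown shows how much of the volume is MX and TXT traffic from receiving mail servers, which is the share the per-message estimate in the thread is trying to guess at.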