[dnssec-deployment] cache performance

Paul Vixie paul at vix.com
Fri Jun 27 13:33:30 EDT 2008


> 	...  and I -am- studying this.  (the prior work
> 	is out there if folks want to go look at it.)

some references, please?

> > which of those statements asserts something you'd like more evidence for?
> 
> 	your statement "within the headroom we have...a million more TLDs
> 	would be noise by comparison."

since 49/50ths of f-root traffic is crap, i feel safe offering to tolerate
a massive increase, perhaps 10X, of the 1/50th share that isn't crap.  where
am i going wrong in this line of reasoning?

do you think that there will be more crap simply because there are more TLDs?
i can't follow that at all.  the same number of people and malware bots will
make the same number of queries, and the same bunch of them will make those
queries from behind firewalls so they can't hear our responses, so the same
bunch of them will endlessly repeat those queries.  the same bunch of folks
will query for .ENGINEERING over and over.  why would new TLDs increase the
number of crap queries?  is it because folks might mistype .MICROSOFT?  won't
that be a factor of the 1/50th rather than of the 49/50ths?

when the number of queries hitting f-root goes up, as it will, the reason will
be that there are more kinds of malware, more bots, more botnets, and oh i
guess incidentally, more networks and more end users.  somewhere way down in
the noise, i guess the number of TLDs might have some imperceptible impact.

> 	we have no facts on population of new TLDs, their eventual popularity,
> 	or changes in caching behaviour.  what constitutes "noise" is
> 	undefined.  so it's a nice assertion...

see above for a loose definition of noise.  see 

http://www.circleid.com/posts/98_of_internets_main_root_server_queries_are_unnecccary_should_you_be_conce/

and

http://news.bbc.co.uk/1/hi/technology/2699071.stm

for more discussion.  see 

http://portal.acm.org/citation.cfm?id=1016695

and

http://citeseer.ist.psu.edu/brownlee01dns.html

for actual data.

if it appears to onlookers as if i'm chasing bill down the hallways with a
running chainsaw in my hands, i apologize for the image.  i'm having trouble
listening passively to another round of root name server system bashing.
so, forget about the smoke -- where's the fire?


