Moin!

On 15 Mar 2016, at 15:16, Shumon Huque wrote:

> More generally, it also reduces demands on authoritative servers by
> not sending them a set of unnecessary queries.
>
> I have not viewed this as a 'speed hack', or in fact any hack, but as a
> way to make the entire DNS ecosystem more efficient by correctly
> interpreting the NXDOMAIN signal. To regurgitate part of my earlier
> message: "why should resolvers make unnecessary outbound queries
> for names that don't exist, and why should authoritative servers receive
> those queries?"

In the grand scheme of things it doesn't matter. Authoritative servers get unnecessary queries all the time. Look at any of Geoff Huston's presentations on how DNS resolvers are behaving, which I think he describes as Obsessive–compulsive disorder. I see the same every week as an authoritative for an open resolver scan, where for one open resolver that has been asked once I see immediate multiple queries, and after some hours yet more, despite nobody having asked for it again.

Yet with all this, the amount of queries an authoritative server gets is a tiny fraction of the queries the resolver gets. Most resolvers these days have more than 90% cache hit rate, in the mobile space even above 95%, and the remaining 10 to 20th queries a resolver sends to an authority are distributed amongst hundreds of thousands of authoritative servers, so an authoritative server getting a couple of queries more really is a drop in the ocean.

As for a lot more queries (random subdomain/qname or waterfall attacks or whatever you call them), I don't think this would help, as it is easy to modify those to not add a label.

So long
-Ralf