Re: stopping amplification - DNS
On Tue, Mar 28, 2006 at 11:48:03AM -0500, Edward Lewis wrote:
> I've been urged to send out this proposal, which even I think is rather
> goofy.

Exceptionally so. Apologies for not criticising this more deeply, but on a
general note I'd like to draw attention to the 'amplification' that regular
recursing nameservers perform.

The PowerDNS recursor takes a lot of effort to prevent queries that have
failed recently, and would probably fail again, and to direct queries to
nameservers that do respond.

Yet despite all this throttling effort, which routinely prevents up to 40%
of queries in production, PowerDNS is only a packet-attenuator of 50-80%,
iow, for each 100 queries, 20 to 50 packets are sent to the internet.

See all this in gory detail on the graphs here:
http://adsl-xs4all.ds9a.nl/rrd/ . A small dependency-light version of the
recursor is available on http://svn.powerdns.com/pdns-recursor.tar.bz2

I wonder how well other recursors do, and whether they might perhaps not be
performing any useful role at all in attenuating packets.

http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
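
An added example, not part of the original post and not PowerDNS code: a toy model of a recursor that caches answers and throttles (server, name, type) tuples that failed recently, then reports the two figures the post talks about, the share of outgoing queries prevented and the packets sent per 100 client queries. The class name, the 60-second hold-down, the server names and the workload are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ThrottledResolver:
    throttle_secs: float = 60.0                     # assumed hold-down after a failure
    cache: dict = field(default_factory=dict)       # (qname, qtype) -> expiry time
    throttled: dict = field(default_factory=dict)   # (server, qname, qtype) -> expiry time
    client_queries: int = 0
    packets_sent: int = 0
    packets_prevented: int = 0

    def resolve(self, now, qname, qtype, servers, upstream):
        """upstream(server, qname, qtype) returns a TTL in seconds, or None on failure."""
        self.client_queries += 1
        key = (qname, qtype)
        if self.cache.get(key, 0) > now:
            return "cache-hit"                      # no packet leaves the resolver
        for server in servers:
            tkey = (server, qname, qtype)
            if self.throttled.get(tkey, 0) > now:
                self.packets_prevented += 1         # failed recently: do not retry yet
                continue
            self.packets_sent += 1
            ttl = upstream(server, qname, qtype)
            if ttl is not None:
                self.cache[key] = now + ttl
                return "answered"
            self.throttled[tkey] = now + self.throttle_secs
        return "servfail"

    def stats(self):
        would_be = self.packets_sent + self.packets_prevented
        return {
            "packets_per_100_queries": 100 * self.packets_sent / max(self.client_queries, 1),
            "throttled_share": self.packets_prevented / max(would_be, 1),
        }

def demo():
    # Constructed workload: "ns-dead" never answers, "ns-ok" answers with TTL 30.
    def upstream(server, qname, qtype):
        return 30 if server == "ns-ok" else None
    resolver = ThrottledResolver()
    for t in range(100):                            # one client query per second
        resolver.resolve(t, f"host{t % 5}.example", "A", ["ns-dead", "ns-ok"], upstream)
    return resolver.stats()

if __name__ == "__main__":
    print(demo())
```

On this constructed workload the throttle suppresses a quarter of the would-be outgoing queries, yet 30 packets still leave the resolver per 100 client queries, because short TTLs force refetches that throttling cannot remove.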