Slashdot Mirror

← Back to Stories (view on slashdot.org)

Will Vista Overload the DNS?

Posted by ryuzaki0 on from the internet-collapses-film-at-11 dept.

Jamie Northern writes, "Thanks to new directory software, Windows Vista could put a greater load on Internet DNS servers. But experts disagree over whether we're headed for a prime-time traffic jam or an insignificant slowdown. Paul Mockapetris,inventor of DNS, believes Vista's introduction will cause a surge in DNS traffic because the operating system supports two versions of the Internet Protocol (IPv4 and IPv6). David Ulevitch, chief executive at OpenDNS, a provider of free DNS services, said Vista's use of IPv6 will not disrupt the Internet at large. 'DNS can be improved, but predicting its collapse is just spreading FUD.'"

7 of 221 comments (clear)

  1. Why any different than Linux or MacOS X? by Midnight+Thunder · · Score: 5, Informative

    Linux and MacOS X are both capable of having both IPv6 and IPv4 stacks, and in many cases this is active by default. Why would Vista cause any more problems?

    If you have a good setup then you will have a lookup cache on your local machine storing both IPv6 and IPv4 addresses for each site. Therefore only one lookup should need to be done.

    --
    Jumpstart the tartan drive.
    1. Re:Why any different than Linux or MacOS X? by kickdown · · Score: 5, Informative

      > why would there be any more requests than there are now with Windows? After all a single DNS lookup should easily get the AAAA and A address in one shot, unless I am misunderstanding the protocol.

      I think you are: you can only request one record type at a time. So you ask either A or AAAA; and given that the rule of thumb is to prefer IPv6 if present, first goes your AAAA and then your A question.
      What you _could_ do is ask for the type ANY, which will make the server return everything it happens to know. But then you have no guarantee the info is exhaustive: the server will only give back those records that it already has in its cache; it will not ask the authoritative name server. So then you might miss something.

      What generates a lot more DNS traffic than AAAA records is the fact that the world has forgotten that URLs terminate with a trailing dot. If you leave it out, it's a _relative_ URL and the resolver on your machine has to trial-and-error if you perhaps meant it with a dot.

      Example: you type www.foo.com in your browser. Your resolver is configured to append bar.org. to relative URLs. Then you'll generate a completely useless request for www.foo.com.bar.org. just to find out it doesn't exist, and then guess the domain www.foo.com. is meant. That depends on your search order and cleverness of your resolver of course, you might as well be lucky and it works out.

      --
      Continuous positive slashdot karma since... uh, maybe next year.
  2. This is ridiculous by eln · · Score: 5, Informative

    For a guy who "invented DNS," he sure doesn't seem to have much of a grasp of how the current DNS infrastructure works.

    First off, most DNS servers are very lightly loaded. DNS in general doesn't take a whole lot of traffic (relative to other protocols), and most DNS servers are way overpowered for what they need to do.

    Secondly, as the article states, Vista is not going to just blindly do two queries, one IPv4 and the other IPv6, for every request. It is a little more intelligent than that (shocking, I know). For systems that don't have an IPv6 address (which will be virtually all of them given the current adoption rate of IPv6), no IPv6 DNS queries will be done at all.

    Linux and other Unix-like OSes have supported IPv6 for years, and they haven't managed to kill DNS yet. Most Vista installations, like most Linux installations these days, are going to have IPv6 disabled anyway, so this is not going to have any real impact at all.

    1. Re:This is ridiculous by LnxAddct · · Score: 5, Informative

      He works for a company that sells DNS solutions, so obviously he's just trying to scare up some more business.
      Regards,
      Steve

  3. Of course it won't cause an overload by A+beautiful+mind · · Score: 5, Insightful

    When Vista comes out, it will be introduced gradually compared to the millions of installed Win98/NT/XP systems.

    It will take years until/if it reaches considerable marketshare. ISPs have plenty of time to upgrade in the meantime.

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
  4. Experts Agree: This is BS by Effugas · · Score: 5, Informative

    This is Dan Kaminsky, from the article.

    Here's what I threw on my blog on this matter. Note, the fact that this got presented as even a debate annoyed me enough to start posting on my site again.

    --

    Paul Mockapetris says Vista is going to take down the Internet's DNS infrastructure. Paul is the inventor of DNS; I met him at Black Hat last year and was half starstruck, half relieved he didn't hate me for the things I'd done to his creation :) Paul knows DNS. It's his creation. But you'll note in this story that Joris Evers can't actually find anyone who agrees with Paul.

    There's a reason.

    First, while there are indeed a couple underprovisioned name servers, there's far more that have lots and lots of slack capacity. You need slack capacity to deal with shock load. The networks that would fail because of Vista's release, would fail because of a three day weekend.

    Second, Vista's not getting deployed all at once. This is no service pack that's deployed to a hundred million desktops via Windows Update! Mockapetris is correct in that there will be a noticable increase in DNS traffic, but that increase will be spread out over the course of a couple years. Slow increases like this tend not to cause the sort of catastrophic failure that Mockapetris refers to.

    Finally, and most importantly (in the sense that Mockapetris should know better): Most of the work done to service the IPv6 request, is cached and available to service the IPv4. To complete a DNS lookup, you have to locate a particular server, known as the authoritative server for a domain. The same authoritative server that hosts the IPv6 (AAAA) record also hosts the IPv4 (A) record. So even if Vista sends twice the traffic, the upstream nameserver is certainly not experiencing twice the load.

    Full disclosure: Microsoft has had me looking at Vista for much of this year, as part of their "Blue Hat Hacker" external pen-testing squad. But then, Mockapetris has written a really impressive name server for his company, Nominum, that can handle about 4x the load of BIND. But this isn't about who we are; it's about what is or isn't going to collapse. There are things to worry about. This isn't one of them.

  5. Re:But without FUD... by bcattwoo · · Score: 5, Funny

    It is considered insightful to remark that you consider someone else's comment insightful? Without even expounding the slightest on how it was so?

    If that is the case, I must say that your pointing out the insightfulness of the GP was in itself quite insightful.

    Please mod me up.