[AusNOG] DNS forwarders (was Re: IPv6: Who's dual stacked? Why don't I look stacked?)

Robert Mibus mibus at mibus.org
Fri Mar 8 15:15:25 EST 2013

> I've never understood why anyone bothers with upstream DNS forwarders [1].
> Are there some strong technical (e.g. customer experiences breakage) or
> community-minded (e.g. the top-level servers can't handle it) reasons why
> we shouldn't just let all DNS queries go to the root? Most people seem to
> set their TTLs pretty low anyway [2], so it seems like a pointless exercise.

I won't comment on root DNS server issues (as I don't have any real idea),
but performance is the #1 reason why you'd want to do it for yourself.

The leaf TTLs might be low, but the ones above can still be cached for
longer periods of time (I'm thinking NS records and the like). So you might
need to query "www.facebook.com" for the first time today, and perhaps your
ISP's cache doesn't have it, but they probably still know the NSes for
facebook.com itself, and can do just the final query (rather than having to
walk the whole tree).

Low TTLs actually help make a case for ISP caches _more_, IMO, at least
with popular sites.

Taking mail.google.com as an example (writing this in GMail ;):
 * the A record is 300 TTL, but commonly accessed by others at my ISP[1] so
likely to be cached there
 * My ISP resolver is <10ms away.
 * the Google NSes are all well over 150ms away.

So every five minutes when my client needs to refresh its data, I save at
least 140ms for the request.

[1] Obligatory disclaimer; I work for Internode and look after (among other
things) the DNS resolvers.


Robert Mibus <mibus at mibus.org>
Tech by day, geek by night
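
The caching behaviour described in the message above, as a toy model added here (not part of the original post or any resolver's code): a shared resolver whose cached NS delegations outlive the 300-second A record, so a refresh costs one upstream query instead of a full walk. The 300 s TTL and the 10 ms / 150 ms round-trip times are taken from the message as stated bounds; the NS TTLs, the root and TLD round-trip times, and all names in the code are constructed assumptions.

```python
# Added example: toy model of a caching recursive resolver.
# The 300 s A-record TTL and the 10 ms / 150 ms RTTs come from the message;
# the NS TTLs and root/TLD RTTs are constructed values.
ISP_RTT_MS = 10  # client -> ISP resolver ("<10ms away")

# Iterative walk for mail.google.com:
# (server asked, RTT in ms, record learned from it, TTL of that record in s)
WALK = [
    ("root",        30,  "NS com.",            172800),  # constructed
    ("com.",        30,  "NS google.com.",     172800),  # constructed
    ("google.com.", 150, "A mail.google.com.", 300),     # from the message
]


class CachingResolver:
    def __init__(self):
        self.expiry = {}  # record -> absolute expiry time in seconds

    def fresh(self, record, now):
        return self.expiry.get(record, -1) > now

    def resolve(self, now):
        """Return (upstream queries sent, upstream ms spent) at time `now`."""
        if self.fresh(WALK[-1][2], now):
            return (0, 0)  # the answer itself is still cached
        # Start below the deepest delegation that is still cached.
        start = 0
        for i, (_, _, record, _) in enumerate(WALK[:-1]):
            if self.fresh(record, now):
                start = i + 1
        queries = cost = 0
        for _, rtt, record, ttl in WALK[start:]:
            queries += 1
            cost += rtt
            self.expiry[record] = now + ttl
        return (queries, cost)


def client_latency(resolver, now):
    """Latency seen by a client that asks the shared ISP resolver."""
    return ISP_RTT_MS + resolver.resolve(now)[1]


if __name__ == "__main__":
    isp = CachingResolver()
    for t in (0, 100, 301, 400):
        print(t, client_latency(isp, t))
```

In this model a client that hits the warm shared cache pays only the 10 ms hop, while a refresh after the A record expires pays the 150 ms authoritative query but skips the root and TLD steps.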