designing the DNS from the scratch


designing the DNS from the scratch

Abdulhadi Ettwejiri

Hi,

We are an ISP company; we provide Internet to our customers. Recently one of our VIP customers asked for DNS service and needs a response time of 3 msec. We don't have enough knowledge of DNS.

1- To achieve my customer's response-time goal, I need to know what the optimal design solution for DNS is (authoritative or recursive), or whether there is another design.

2- If the answer to the previous question is “authoritative”, are there any registration & technical requirements for it (i.e. ccTLD, …)?

Best regards

Abdulhadi Ettwejiri
Technical Support Department
Zawia Street inside GPTC building | Tripoli | Libya
+ 218 91 9994265 | [hidden email]
+ 218 21 3600234 | http://www.litc.ly
+ 218 21 3617777


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: designing the DNS from the scratch

Reindl Harald


On 09.07.2017 at 09:31, Abdulhadi Ettwejiri wrote:
> we are ISP company , we are providing Internet to our customer, Recently
> one of our VIP customer ask for DNS service, and need the response time
> 3msec, we don't have enough knowledge of DNS,
>
>
>       1-To achieve the goal of my customer about the response time I
>       need to know what’s the optimal design solution for DNS (
>       Authoritative or Recursive(,or there is other design.

that question is wrong from the beginning and it depends on *what* type of dns
service

if you just provide resolvers for your customer to use on his computers,
it's recursive (and no recursive server these days should
answer to the whole internet because of amplification attacks)

if you want to host the nameserver for your customers' domains it's
authoritative

> 2-If the answer in the previous question an “authoritative”, is there
> any registration & technical requirements for so (i.e. ccTLD, …   )

a domain points to nameservers, on the machine hosting the nameservers
you have to open port 53 UDP *and* TCP and the zone needs to be set up

here you go:
https://www.iana.org/help/nameserver-requirements
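
The open-resolver point in the reply above, as an added example that is not part of the original post or of BIND's own documentation: a named.conf fragment for a customer-facing recursive resolver, with the open setting shown commented out beside the restricted one. The ACL name "customers" and the address ranges (the RFC 5737 and RFC 3849 documentation prefixes) are placeholders for the customer's real networks.

```conf
// Added example: recursive resolver for one customer, not an open resolver.

// Weak setting (shown for comparison, left commented out):
// recursion is offered to every source address, so spoofed queries from
// anywhere can use the server to send large answers at a victim.
//
// options {
//     recursion yes;
//     allow-recursion { any; };
//     allow-query-cache { any; };
// };

// Placeholder networks: replace with the prefixes the customer queries from.
acl "customers" {
    localhost;
    192.0.2.0/24;      // constructed IPv4 range (documentation prefix)
    2001:db8::/32;     // constructed IPv6 range (documentation prefix)
};

// Corrected setting: only the listed networks may query, recurse, or read
// cached answers. Everyone else gets a short REFUSED response.
options {
    recursion yes;
    allow-query       { customers; };
    allow-recursion   { customers; };
    allow-query-cache { customers; };
};
```

`named-checkconf` validates the syntax before a reload; afterwards a query from an address outside the ACL should come back with status REFUSED.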

Re: designing the DNS from the scratch

G.W. Haywood
In reply to this post by Abdulhadi Ettwejiri
Hi there,

On Sun, 9 Jul 2017, Abdulhadi Ettwejiri wrote:

> we are ISP company , we are providing Internet to our customer,
> Recently one of our VIP customer ask for DNS service, and need the
> response time 3msec, we don't have enough knowledge of DNS ...

But you do know the approximate speed of light in a vacuum?

--

73,
Ged.

RE: designing the DNS from the scratch

John W. Blue
In reply to this post by Abdulhadi Ettwejiri

Abdulhadi,

Honestly, I think that a design spec of getting DNS responses in 3ms across the board is unrealistic.  My initial MX query for litc.ly took 367ms:

;; ADDITIONAL SECTION:
exmail.litc.ly.         14400   IN      A       197.215.159.227
dns2.lttnet.net.        21600   IN      A       62.240.36.40
dns3.lttnet.net.        21600   IN      A       62.240.36.40

;; Query time: 367 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jul  9 12:50:58 2017
;; MSG SIZE  rcvd: 144

Additionally, given the operational environment in which you exist I would recommend that you strive for just providing good DNS services in general.

Good luck.

John

 


Re: designing the DNS from the scratch

SM
In reply to this post by Abdulhadi Ettwejiri
Hi Abdulhadi,
At 00:31 09-07-2017, Abdulhadi Ettwejiri wrote:
>we are ISP company , we are providing Internet to our customer,
>Recently one of our VIP customer ask for DNS service, and need the
>response time 3msec, we don't have enough knowledge of DNS,

I suggest discussing with your customer about the requirement as it
is not clear what they are looking for.

Regards,
-sm


Re: designing the DNS from the scratch

Warren Kumari
In reply to this post by John W. Blue

On Sun, Jul 9, 2017 at 1:59 PM John W. Blue <[hidden email]> wrote:

> Abdulhadi,
>
> Honestly, I think that a design spec of getting DNS responses in 3ms across the board is unrealistic.  My initial MX query for litc.ly took 367ms:


Like many poorly written / articulated SLAs, the devil is in the details.

I could happily read this as the server / service must respond within 3ms. The OP mentioned VIP, so this could be for auth DNS, in which case responding to a query within 3ms is trivial...

W


--
I don't think the execution is relevant when it was obviously a bad idea in the first place.
This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
   ---maf


Re: designing the DNS from the scratch

Reindl Harald

On 09.07.2017 at 20:41, Warren Kumari wrote:

> On Sun, Jul 9, 2017 at 1:59 PM John W. Blue <[hidden email]> wrote:
>
>     Abdulhadi,
>
>     Honestly, I think that a design spec of getting DNS responses in 3ms
>     across the board is unrealistic.  My initial MX query for litc.ly
>     took 367ms:
>
> Like many poorly written / articulated SLAs, the devil is in the details.
>
> I could happily read this as the server / service must respond within
> 3ms. The OP mentioned VIP, so this could be for auth DNS, in which case
> responding to a query within 3ms is trivial...

no it is not - at least not if there is an internet connection between
customer and dns server since you hardly get even a 3 ms ping time

on the server itself yes

frankly even in a local network you end with ;; Query time: 1 msec for a
"dig NS" and that a nameserver can respond on localhost below that is
completely worthless

however, since the OP doesn't even know if he requires a recursive
resolver or an authoritative server any discussion is pointless unless
the OP is completely re-written based on
http://www.catb.org/esr/faqs/smart-questions.html#beprecise

Re: designing the DNS from the scratch

Sten Carlsen



On 09/07/2017 20:51, Reindl Harald wrote:

> On 09.07.2017 at 20:41, Warren Kumari wrote:
>> On Sun, Jul 9, 2017 at 1:59 PM John W. Blue <[hidden email]> wrote:
>>
>>>     Abdulhadi,
>>>
>>>     Honestly, I think that a design spec of getting DNS responses in 3ms
>>>     across the board is unrealistic.  My initial MX query for litc.ly
>>>     took 367ms:
>>
>> Like many poorly written / articulated SLAs, the devil is in the details.
>>
>> I could happily read this as the server / service must respond within 3ms. The OP mentioned VIP, so this could be for auth DNS, in which case responding to a query within 3ms is trivial...
>
> no it is not - at least not if there is an internet connection between customer and dns server since you hardly get even a 3 ms ping time
>
> on the server itself yes
>
> frankly even in a local network you end with ;; Query time: 1 msec for a "dig NS" and that a nameserver can respond on localhost below that is completely worthless

Thinking about this, the only solution that seems remotely possible is to let the customer have the DNS server on his premises. That way all queries that come from cache could be fast enough. Those it needs to resolve from the Internet will take a longer time.

The next question is who shall maintain that server on his premises? All sorts of questions come to mind.

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 


Re: designing the DNS from the scratch

wbrown
In reply to this post by G.W. Haywood
> But you do know the approximate speed of light in a vacuum?

~3 x 10**8 m/s

More importantly, what is the speed of light in a fiberoptic connection?
Speed of electrons in copper wire?




Re: designing the DNS from the scratch

Ray Bellis
On 10/07/2017 14:02, [hidden email] wrote:

> ~3 x 10**8 m/s
>
> More importantly, what is the speed of light in a fiberoptic connection?

~0.66c

> Speed of electrons in copper wire?

Individual electrons move *very* slowly - it's the electric *field* that
moves at between 0.5c and 1c.

https://en.wikipedia.org/wiki/Velocity_factor

cheers,

Ray


Re: designing the DNS from the scratch

Matus UHLAR - fantomas
In reply to this post by wbrown
>> But you do know the approximate speed of light in a vacuum?

there's always dark in my vacuum, so the speed of light doesn't apply there.

On 10.07.17 09:02, [hidden email] wrote:
>More importantly, what is the speed of light in a fiberoptic connection?
>Speed of electrons in copper wire?

speed of electrical field, which is the same as speed of light.
electrons are much slower.

however, the longest distances on earth are about 20000km, which requires
at least 67ms for signal to get there and 133ms to get back.
in reality there's some small delay on each network device in the path, so
the 3ms can only be achieved on short distances.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
The only substitute for good manners is fast reflexes.

Re: designing the DNS from the scratch

Matthew Seaman
On 2017/07/10 14:16, Matus UHLAR - fantomas wrote:

>>> But you do know the approximate speed of light in a vacuum?
>
> there's always dark in my vacuum, so the speed of light doesn't apply
> there.
>
> On 10.07.17 09:02, [hidden email] wrote:
>> More importantly, what is the speed of light in a fiberoptic connection?
>> Speed of electrons in copper wire?
>
> speed of electrical field, which is the same as speed of light.
> electrons are much slower.
>
> however, the longest distances on earth are about 20000km, which requires
> at least 67ms for signal to get there and 133ms to get back.
> in reality there's some small delay on each network device in the path, so
> the 3ms can only be achieved on short distances.
>
Indeed.  Assuming the OP was talking about providing an authoritative
service -- that is, to allow the rest of the world to look up their
customer's domains -- then if they went back to their customer with a
more realistic target of say a 95th-percentile limit of a sub-50ms RTT
for users in urban North America, Europe, Russia, Japan and other
locations with a well developed Internet infrastructure, that could be
achieved by putting DNS servers in strategically located POPs on each
continent and using anycast routing to direct traffic to the nearest
location.

Which would be eye-wateringly expensive to do for just one client,
unless they needed about as much capacity as a middle-sized ccTLD.

Or you could buy a service from one of a number of DNS service providers
who provide pretty much exactly what I described.  That will still be
quite expensive, but not to the extent that it would cause inadvertent
emission of bodily fluids.

On the other hand, if they were talking about providing a recursive DNS
caching service to allow their customer's servers to look stuff up from
the internet, then a 3ms RTT is not impossible so long as

   * the DNS machines are sufficiently close to the client's machines
     that you can readily achieve sub-3ms ping RTTs between them

   * the 3ms limit *only* applies to responses from cached data.

There's clearly no way you can guarantee <3ms if your recursive server
needs to talk to a machine on the other side of the planet where it
takes at least 200ms just to get packets there and back again.

        Cheers,

        Matthew




Re: designing the DNS from the scratch

Leonardo Rodrigues
On 10/07/17 11:12, Matthew Seaman wrote:
>
> Or you could buy a service from one of a number of DNS service providers
> who provide pretty much exactly what I described.  That will still be
> quite expensive, but not to the extent that it would cause inadvertent
> emission of bodily fluids.
>

     I have been using Amazon AWS Route 53 DNS services and I'm loving
them. The price is really low for the availability I'm experiencing and the
easy management.

--


        Sincerely,
        Leonardo Rodrigues
        Solutti Tecnologia
        http://www.solutti.com.br

        My SPAMTRAP, do not email it
        [hidden email]


