Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )

Justizin justizin at siggraph.org
Tue Sep 26 11:48:03 EDT 2006


On 9/26/06, Jens Vagelpohl <jens at dataflake.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > I believe a single DNS query over UDP can handle around 20-25 entries,
> > depending on their size.
> >
> > Should be no problem for an 'NS' query for zope.org to point at ten or
> > more hosts which run slave.
> >
> > The question is, does this tool allow that?  I imagine so.  I know
> > that we set up a local slave in the convention center for SIGGRAPH in
> > Boston this year from our cheapo DNS provider.
>
> I'm not sure what you're trying to explain or ask here. Do you think
> there would be any problem in propagating updates? Well, there won't.
> And I don't see any need for more than 3 DNS servers (including the
> master). DNS is not resource-intensive in any way.
>

Well, since I don't know about the suggested provider, here's my
concern - let's say I manage your DNS on my servers, and you want to
provide your own local servers.  How do you get a copy of the latest
zone?  Your IP must be listed in my server so that it is allowed to
perform AXFR queries.

All I'm saying is, I assume, hopefully, that this provider will allow
us to specify hosts which are allowed to perform AXFR.

They will also probably provide us with 3-4 hosts which we can use for
DNS.  If you, I, and one other person each contribute two IP
addresses on different networks, that puts the zope.org zone in pretty
good shape, because various caching nameservers will handle the
trouble of determining which authoritative record is best for them to
use.

DNS may seem like a low-load service, but if you were to run a DNS
provider yourself on a single machine, I challenge you to maintain 90%
uptime.  The last time I worked on a large DNS implementation we had
twelve machines in each of two geographic locations - dual xeon
machines with lots of RAM that did nothing but handle round-robin DNS
queries.

IIRC, we had about 100,000 zones, but still, let's think about this
for a moment.  Imagine:

  * I have www.stupidwebsiteforjerks.com
  * Someone hates my stupid website, because it's for jerks
  * My DNS records are in the same server as yours
  * Someone decides to launch an 8MB/s or so DDoS against my NS records and my webserver IP.
  * Your site starts failing to load for 30-60% of visitors after a few hours.

;)

-- 
Justizin, Independent Interactivity Architect
ACM SIGGRAPH SysMgr, Reporter
http://www.siggraph.org/
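The AXFR authorization the post is asking the provider for, and the "several NS hosts on different networks" layout it proposes, look like this in BIND 9 configuration. This is an added illustration, not the provider's configuration or anything from the zope.org setup: the key name, the secret, the IP addresses (all from the RFC 5737 documentation ranges) and the host names are placeholders I made up.

```conf
// ---- named.conf on the primary ("master") server: constructed example ----

// TSIG key shared with every host allowed to pull the zone.
// Generate a real secret with `tsig-keygen xfer-key`; this value is a placeholder.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER_BASE64_SECRET_REPLACE_ME==";
};

options {
    directory "/var/named";
    allow-transfer { none; };   // deny AXFR/IXFR globally unless a zone overrides it
    notify yes;                 // tell the secondaries when the serial changes
};

zone "zope.org" {
    type master;
    file "zope.org.zone";
    // Only transfer requests signed with the shared key are honoured.
    // Binding to the key rather than to source addresses means a spoofed
    // or re-used IP is not enough to pull the zone.
    allow-transfer { key "xfer-key"; };
    // The contributed secondaries on other networks (placeholder addresses).
    also-notify { 198.51.100.10; 203.0.113.20; 192.0.2.30; };
};

// ---- named.conf on each contributed secondary ("slave"): constructed example ----

key "xfer-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER_BASE64_SECRET_REPLACE_ME==";
};

zone "zope.org" {
    type slave;
    file "slaves/zope.org.zone";
    masters { 192.0.2.1 key "xfer-key"; };   // primary's placeholder address; signs the AXFR
    allow-transfer { none; };                // secondaries do not re-serve the zone to others
};

// ---- apex of zope.org.zone on the primary: constructed example ----
//
// One NS record per contributed host, spread across networks, so caching
// resolvers pick whichever authoritative server answers best for them.
//
// $TTL 3600
// @   IN SOA ns1.example.invalid. hostmaster.example.invalid. (
//             2006092601 ; serial (placeholder)
//             3600       ; refresh
//             900        ; retry
//             1209600    ; expire
//             300 )      ; minimum
// @   IN NS  ns1.example.invalid.   ; provider host
// @   IN NS  ns2.example.invalid.   ; provider host
// @   IN NS  ns3.example.invalid.   ; provider host
// @   IN NS  ns-a.example.invalid.  ; contributor A, network 1
// @   IN NS  ns-b.example.invalid.  ; contributor B, network 2
// @   IN NS  ns-c.example.invalid.  ; contributor C, network 3
```

The defensive check that matters here is the `allow-transfer` line: a primary that leaves it at the BIND default (`any`) hands its whole zone to anyone who asks, so the question to put to a provider is not only "can we list our own secondaries" but "can we restrict transfers to them, ideally with TSIG". On the secondaries, `allow-transfer { none; }` keeps the contributed hosts from becoming an alternative way to read the zone.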

