DNS performance goes to hell... to fight spam?
A couple internet veterans griped at me today:
Remember the days of sub-50ms DNS queries for just about any site?
With all of the extra TLDs/roots/etc/nonsense, plus all the crap that
akamai and others try to sell as load balancing... we see shit like:
www.uu.net. 285 IN CNAME global.mci.com.
global.mci.com. 0 IN A 220.127.116.11
;; Query time: 2068 msec - SERVER: 127.0.0.1#53(localhost)
;; WHEN: Fri Nov 5 17:47:46 2004 - MSG SIZE rcvd: 206
2 SECONDS!!!! This is on a machine that is in Dallas, Tx on tons of
fiber access to the world! WTF, over?
Whoever is the genius that thought a TTL (time to live) of 0 seconds was sooo cool should be shot.
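To make the complaint above measurable, here is an added example (my own code, not from the post or anyone quoted in it) that parses dig-style answer lines like the ones quoted, follows the CNAME chain, and reports how many hops a resolver walks and the longest any cache can keep the whole answer. The sample answer section is constructed to mirror the quoted output; the record from that chain with TTL 0 makes the whole answer effectively uncacheable, which is the point.

```python
# Added example: walk a CNAME chain from a dig-style answer section and
# compute the effective cache lifetime of the whole chain.
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on the answer section quoted above.
SAMPLE_ANSWER = """\
www.uu.net. 285 IN CNAME global.mci.com.
global.mci.com. 0 IN A 220.127.116.11
;; Query time: 2068 msec - SERVER: 127.0.0.1#53(localhost)
"""

RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")


def parse_answer(text: str) -> List[Tuple[str, int, str, str]]:
    """Return (owner, ttl, rtype, rdata) tuples; dig's ';;' comment lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RR_LINE.match(line)
        if m:
            owner, ttl, rtype, rdata = m.groups()
            records.append((owner.lower(), int(ttl), rtype.upper(), rdata.lower()))
    return records


def follow_chain(records, qname: str, max_hops: int = 8) -> Tuple[int, Optional[int], str]:
    """Follow CNAMEs from qname; returns (cname_hops, effective_ttl, final_name).

    A cache can only answer the original question for as long as the
    shortest-lived record in the chain stays valid, so effective_ttl is the
    minimum TTL seen. A 0 anywhere means every client re-queries every time.
    """
    by_owner: Dict[str, List[Tuple[int, str, str]]] = {}
    for owner, ttl, rtype, rdata in records:
        by_owner.setdefault(owner, []).append((ttl, rtype, rdata))
    name = qname.lower().rstrip(".") + "."
    hops, ttls = 0, []
    while hops < max_hops:  # max_hops guards against CNAME loops
        rrs = by_owner.get(name, [])
        cname = next(((t, d) for t, r, d in rrs if r == "CNAME"), None)
        if cname is None:  # end of chain: collect the address records' TTLs
            ttls.extend(t for t, r, _ in rrs if r in ("A", "AAAA"))
            break
        ttls.append(cname[0])
        name = cname[1]
        hops += 1
    return hops, (min(ttls) if ttls else None), name
```

Running `follow_chain(parse_answer(SAMPLE_ANSWER), "www.uu.net")` gives one CNAME hop and an effective TTL of 0, i.e. the 285-second TTL on the CNAME buys nothing.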
The world's most distributed database is breaking down, because people are afraid to cache anything... and we're still not using good crypto. It's SPF, says one...
There's nothing wrong with txt records, BUT now all the weenies who are out to "Stop Spam" (which spf has nothing to do with) are doing an A, PTR and TXT, not to mention the AAAA with EVERY SINGLE smtp, and the sheer bulk of the smtp connections with all the viagra, rolex & virus spam, well, it isn't making things much easier, ya know?
Self centered stupidity
management wants control of their data and can't imagine numbers bigger than 3, much less the few million machines that act to move the data closest to the customer - that kind of knowledge only comes from visiting countries like Belize, where all the mistakes we are making to overwhelm the bandwidth of the Net at the furthest edges become apparent
It's the collapse of the commons! sez a third...
With all of the CNAME refs and bounces, and making things authoritative for single hosts (e.g. www.domain.com) that want to look up where I am coming from so that they can refer me to the closest mirror.. That plus the TTL of 0 does it.
It is hard to sell things and show how much better our service is when we still have that initial 2-4 second hit on DNS lookups for www sites.. I used to get mad at IE for maintaining its own DNS cache.. Now that may be the only thing that saves us from a real collapse.
The internet. No one owns it. Everybody can use it. "Everyone can improve it".
Although I gain clarity in my DNS files by using CNAME chains, I cause two or three DNS lookups for every access to my web site and mail server. The packet overhead isn't much, but the added latency does add up. Note to self - REFORM! do a global search and replace on my DNS records so I return to a 1 to 1 match between IP and name... And:
Big sites using a TTL of 0 completely thwarts the intent of the several million DNS caches on the internet, to what end? There are far better load balancing solutions. If millions of sites set TTL to 0, the Net would