Domain Working Group
Chairperson: Paul Mockapetris/USC/ISI
CURRENT MEETING REPORT
Reported by Paul Mockapetris
AGENDA
o Redeployment of high level servers.
o Short and Long Term fixes for excessive DNS usage reported in the
NSFNET and elsewhere.
o What should the DWG suggest to the Host Requirements WG.
o Addition of dynamic add and delete to the DNS.
o Enhancements to the DNS in general.
ATTENDEES
1. Almquist, Phil/almquist@jessica.stanford.edu
2. Brackenridge, Billy/brackenridge@isi.edu
3. Burgan, Jeffrey/jeff@nsipo.nasa.gov
4. Crocker, Dave/dcrocker@ahwahnee.stanford.edu
5. Edwards, David/dle@cisco.com
6. Fedor, Mark/fedor@nisc.nyser.net
7. Kincl, Norman/kincl@iag.hp.com
8. Lottor, Mark/mkl@nic.ddn.mil
9. Natalie, Ron/ron@rutgers.edu
10. St. Johns, Mike/stjohns@beast.ddn.mil
11. Stahl, Mary/stahl@sri-nic.arpa
12. Volk, Ruediger/rv@germany.eu.net
13. Woods, C. Philip/cpw@lanl.gov
MINUTES
2
�The Domain Working Group met at Stanford University IETF. Mike St. Johns
discussed some possibilities for offloading some of the top-level domains,
such as EDU and COM, from management by the NIC.DDN.MIL. Some preliminary
thoughts were presented, but a firm plan has not yet been made. The
majority of the meeting was spent discussing recent DNS usage problems,
cures, and the most needed repairs to BIND.
Problems:
The best known aspect of the usage problems was NSFNET
observations of 20% DNS packets on some links at certain times.
Traffic monitoring revealed that these large packet fluxes were
from relatively few sites, the so called "screamers". The
screamers are typically sites with Sun's YP using the DNS as a
backstop, i.e. configured so that queries which cannot be
answered by YP drop into the DNS. The trouble is that under
certain cases YP retries DNS queries as fast as possible, so a
simple failure is repeated over and over.
The same problem also caused more severe consequences in local
environments. In one case, DNS screaming leading to gateway
overload, leading to gated cycle starvation, leading to EGP
problems, leading to connectivity loss. In another, the same
traffic which was 20% of a NSFNET T1 was more than 100% of a
56Kbit link.
In addition to the screaming phenomena, others noted low level
useless traffic which becomes significant when multiplied by the
large number of hosts, but still much less than screaming.
Cures:
DNS screaming has been fixed by new Sun YP software. However,
others could easily make the same mistake, so in the future we
need firewalls to stop this behavior in both the resolver and name
server since we cannot always assume control of either. The
method is an extension of negative caching.
The extensions and already defined negative caching mechanisms are
needed even if screamers are fixed so that the system will
continue to scale up.
Total load of DNS should be 1% or less.
3
�BIND needs:
The attendees made the following list of the most important
problems with existing DNS implementations, usually BIND.
o All retry mechanisms should use exponential backoff, with
settable upper and lower limits.
o Negative caching of:
-- Name errors and no data as in RFCs
-- Temporary failures
-- Server failures
o Cooperation between forwarding name servers and waiting ACKs
to resolvers.
o Satisfactory implementation TTL=0 RR handling.
o Correct operation in an environment without root server
connectivity.
o Correct implementation of master file defaults and minimums.
o Broadcast and multicast implementation.
ACTION ITEMS
1. P. Mockapetris to produce detailed draft of problems and
proposed cure.
2. Group of interested parties to draft incremental update
method.