<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am involved in a scenario where a satellite link is being used to serve an office and latency is of great concern.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The problem at hand is CNAME resolution which is followed by validation of provided A records. I understand that under normal conditions the A records provided with the initial CNAME response can lead to cache poisoning so they are validated
from an authority. However, this leads to doubling the lookup time which typically exceeds 1.5 seconds. Although the difference may seem trivial, the additional ~650ms becomes very noticeable to the end users. I've provided a short example below.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">0.001 [Client]->[Resolver]->A?www.example.com<o:p></o:p></p>
<p class="MsoNormal">0.002 [Resolver]->X[Auth]->A?www.example.com<o:p></o:p></p>
<p class="MsoNormal">0.758 [Auth]->X[Resolver]->CNAME:www2.example.com+1.2.3.4<o:p></o:p></p>
<p class="MsoNormal">0.761 [Resolver]->X[Auth]->A?www2.example.com<o:p></o:p></p>
<p class="MsoNormal">1.622 [Auth]->X[Resolver]->A:1.2.3.4<o:p></o:p></p>
<p class="MsoNormal">1.625 [Resolver]->[Client]->A:1.2.3.4<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">NOTE: X == Satellite Link<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">My thought is to use another nameserver at the other end of the link which can provide this validation feature but is &quot;trusted&quot; by the near-end nameserver, reducing the RTT for local clients. As an aside, the far-end nameserver already
exists for other purposes. I've provided a short example of this idea below.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">0.001 [Client]->[Resolver]->A?www.example.com<o:p></o:p></p>
<p class="MsoNormal">0.002 [Resolver]->X[Resolver2]->A?www.example.com<o:p></o:p></p>
<p class="MsoNormal">0.288 [Resolver2]->[Auth]->A?www.example.com<o:p></o:p></p>
<p class="MsoNormal">0.290 [Auth]->[Resolver2]->CNAME:www2.example.com+1.2.3.4<o:p></o:p></p>
<p class="MsoNormal">0.292 [Resolver2]->[Auth]->A?www2.example.com<o:p></o:p></p>
<p class="MsoNormal">0.301 [Auth]->[Resolver2]->A:1.2.3.4<o:p></o:p></p>
<p class="MsoNormal">0.655 [Resolver2]->X[Resolver]->A:1.2.3.4<o:p></o:p></p>
<p class="MsoNormal">0.659 [Resolver]->[Client]->A:1.2.3.4<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">NOTE: X == Satellite Link<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Is there a configuration option I am overlooking to disable these A record validations (from Resolver to Resolver2)?
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal">John<o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:&quot;Courier New&quot;;color:#0F243E">--<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:&quot;Courier New&quot;;color:#0F243E">John Woodworth CenturyLink, Inc.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:&quot;Courier New&quot;;color:#0F243E"> Q. Can BULK DNS Handle 18 Quintillion PTR Records??<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:&quot;Courier New&quot;;color:#0F243E"> A. BULK CAN (18,446,744,073,709,551,616 +)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:&quot;Courier New&quot;;color:#0F243E">[ <a href="http://tools.ietf.org/html/draft-woodworth-bulk-rr-00">
<span style="color:#0F243E">http://tools.ietf.org/html/draft-woodworth-bulk-rr-00</span></a> ]<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
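<p class="MsoNormal">Added example, not part of the original message or any nameserver's code: a small Python model of the two traces above, showing that a resolver which trusts only records owned by the name it asked about ignores the A record carried with the CNAME, at the cost of a second upstream query. The latencies, the function names and the tampered address are assumptions constructed for illustration.</p>

```python
# Constructed model: names, addresses and latencies are assumptions
# chosen to mirror the traces in the message, not measured values.
SAT_ONE_WAY = 0.32   # assumed one-way delay across the satellite link (s)
FAR_ONE_WAY = 0.002  # assumed one-way delay between far-end hosts (s)

# Authoritative data for the CNAME target.
ZONE = {"www2.example.com": ("A", "1.2.3.4")}

def authority(qname, piggyback):
    """Answer one query; the CNAME reply also carries an A for the target."""
    if qname == "www.example.com":
        return [("www.example.com", "CNAME", "www2.example.com"),
                ("www2.example.com", "A", piggyback)]
    rtype, rdata = ZONE[qname]
    return [(qname, rtype, rdata)]

def chase(qname, one_way, piggyback="1.2.3.4", max_hops=8):
    """Resolve qname, using only records owned by the name just asked.

    Returns (address, elapsed_seconds, upstream_queries).
    """
    elapsed, queries = 0.0, 0
    for _ in range(max_hops):
        answer = authority(qname, piggyback)
        elapsed += 2 * one_way
        queries += 1
        # The A carried with a CNAME is unverified: keep qname's own records.
        own = [rr for rr in answer if rr[0] == qname]
        for _, rtype, rdata in own:
            if rtype == "A":
                return rdata, elapsed, queries
        targets = [rdata for _, rtype, rdata in own if rtype == "CNAME"]
        if not targets:
            raise LookupError("no usable answer for " + qname)
        qname = targets[0]  # re-query the target instead of trusting the extra A
    raise LookupError("CNAME chain too long")

def direct(qname, piggyback="1.2.3.4"):
    """First trace: every upstream query crosses the satellite link."""
    return chase(qname, SAT_ONE_WAY, piggyback)

def forwarded(qname, piggyback="1.2.3.4"):
    """Second trace: one satellite round trip; the far-end resolver chases."""
    addr, far_elapsed, _ = chase(qname, FAR_ONE_WAY, piggyback)
    return addr, 2 * SAT_ONE_WAY + far_elapsed, 1
```
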
</body>
</html>