Fwd: Re: DNS versus NAT ?

Ronald F. Guilmette rfg at tristatelogic.com
Sat Jun 15 20:56:05 UTC 2019 

In message <20190615154602.3BD08201591C0B at ary.qy>, 
John Levine <johnl at taugh.com> wrote:

>In article <8edb08ac-5f86-04b7-7b7e-8bf1eb25386c at gmail.com> you write:
>>You may not need a "cloudish sort of place." It really depends your user 
>>count. A residence or small business doesn't generate that many "new" 
>>domain queries in 24 hours.
>
>I'm pretty sure that when Ron said 64K outstanding queries, he meant
>it.  It's not just family members looking at Facebook.

Well, to be clear, I never said 64+K queries all "outstanding" (and as
yet unanswered) at any given moment.  In fact, my hope and believe is
that my worst case for simultaneously open/pending queries would likely
be smaller than that.  However I have been known to do a million or
so DNS queries in an afternoon, and depending on how the SOHO router
maintains it's table of connection-ish 4-tuples, doing that from behind
some such router might indeed cause the thing to catch fire, metaphorically
speaking.

A lot of this depends on one's defintition of an "outstanding" DNS query
also.  If I do a million queries, to all sorts of things scattered all
over the place... which is something that I do routinely... then it's very
typical that as much as a quarter or more of thoes DNS queries will go
entirely unanswered due to dead delegations.  So if I send out 1 million
queries over the space of, say, 3 hours, at the end of those 3 hours we
mighy say that 250,000 queries are still "outstanding" because no response
whatsoever has been received.  So obviously, if the router is going to
cling onto and keep each 4-tuple that is associated with each of those, for
hours on end, and not do garbage collection early and often, then that's
going to be a problem.

To bring this back, at least vaguely, to being on topic, what is Unbound's
approach to this problem?   Has anyone tried to shove a few gazllion queries
through it over a very short period of time, just to see if it could be
made to explode?  If not, doing so might be entertaining.

(Memories of various videos I've seen which involve the combination of
Mentos and Diet Coke are springing immediately to mind. :-)


Regards,
rfg

More information about the Unbound-users mailing list