INTERNET-DRAFT                                               C. Moberg
draft-moberg-dns-caching-useful-00.txt                    A. Andersson
Expires August, 1999                            Telia Network Services
                                                           23 Feb 1999

                      DNS caching considered useful

Abstract

This memo suggests that the usage of very small TTL values in SOA RRs
[1] in dynamic environments, such as when using DHCP with DNS dynamic
updates [2], will affect the performance of the DNS as a whole in a
negative manner and should therefore be avoided. However, this memo is
in no way meant to be an exhaustive analysis of the issue; it is more
of an invitation to discuss how to avoid future scalability issues
while still providing the expected service.

Status of this memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.

Comments on this draft should be sent to

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

1. Introduction

This memo aims to raise the issue of how the systematic usage of very
low TTLs in the SOA RR of zones with more or less dynamic content will
affect the DNS as a whole in a negative manner. The suggestion is that
the strength of the DNS is threefold: hierarchy, distribution and
caching. If one of the three is removed, in this case the caching part,
the DNS will suffer in speed of resolving and also possibly in
scalability due to increased load on primary servers.
However, this memo is not intended to be an exhaustive or systematic
analysis of performance degradation in DNS implementations due to
these issues, nor does it cover the full extent of the problem; it
should be seen as a springboard for further discussions and actual
measurements.

Readers of this memo are assumed to be familiar with the DNS and its
concepts.

Moberg               DNS caching considered useful             [Page 1]
draft-moberg-dns-caching-userful-00.txt                     23 Feb 1999

2. Background

The history of the distributed, scalable DNS that is in widespread use
on the Internet today starts during the ARPANET years. RFC 819 [3]
describes the first attempt at a hierarchical structure for domains,
and this structure (admittedly modified, but logically the same) is
still in use and describes the logically hierarchical structure of the
DNS namespace. All domain-to-resource mappings were still handled in a
single file, edited by a single entity (SRI-NIC). This scheme, needless
to say, did not scale very well.

The need for a system that could distribute the administrative
responsibility to local organizations was obvious. An investigation was
initiated by ARPANET to solve this problem. The proposed solution
turned out to be the creation of a decentralized and distributed system
with locally manageable data. The namespace had to guarantee
uniqueness, and by using a system with nameservers to administer
delegated namespace a solution was found.

The design of the architectural model for this system is described in
RFC 882 [4] and in RFC 883 [5], containing the first specification of
the Domain Name System. RFC 1034 [6] and RFC 1035 [7] obsolete the
former two and still stand as the current version, with a couple of
updates and clarifications.

The DNS is today the world's largest and most heavily used directory
service.

3.
The threefold strength of the DNS

The way the authors see it, the strength of the DNS is built on three
basic concepts, namely hierarchical structure, distributed delegation
and caching.

- Hierarchical structure provides the users with a logical and
  recognizable way of naming end-nodes.
- Distributed delegation makes the DNS administratively decentralized
  and scalable in size.
- Caching minimizes the need for recursive querying and lets the
  structure scale in response time vis-a-vis the number of clients and
  registered nodes.

3.1 Hierarchical structure

The DNS uses a hierarchical, tree-structured database, indexed by
names. At the top of the hierarchy is the root domain, aka ".". This
domain contains information for all top-level domains. Each node in
the tree below the root domain is labeled with a name. The labels are
variable in length but less than 63 characters long, and the depth of
the tree is limited to 127 labels. A domain name consists of a sequence
of labels from the node to the root domain. Labels are separated by
dots and the root domain has a null label. An example of what a domain
name could look like is: foo.bar.example.com. All nodes that are
siblings under the same parent need to be unique, so as to uniquely
identify a single node in the namespace.

Leaves of the tree represent or translate into one or more resource
records. This can be looked upon as if the leaves are indices into a
database, where one index may resolve into one or more out of several
different types of information (IP address, mail routing information,
etc.) represented by resource records.

The hierarchical structure allows the DNS to scale to a very large
number of end-nodes while providing a (more or less) guaranteed
uniqueness among nodes.

3.2 Distributed Delegation

Administration of the namespace is delegated top-down. The root domain
delegates the top-level domains to registries.
Top-level domain registries create and delegate sub-domains and hand
out administrative responsibility to organizations willing to maintain
a subdomain. A domain can be described as a subtree with its root at
any given node in the structure. Administrators of a given domain may
subdelegate the whole or parts of it to next-level domains.

The distributed delegation allows the DNS to scale administratively and
lets local organizations create and maintain local naming schemes as
they see fit.

3.3 Caching

A name server processing a recursive query may have to send quite a
number of queries along the delegation tree to find an answer. The
caching techniques implemented in the DNS today cache the whole query
structure for future reference when searching for nodes under the same
domain. For example, a search for foo.bar.example.com puts the
nameserver names and IP addresses for com, example.com, and
bar.example.com in the cache. Depending on the TTL of all SOA RRs for
the delegations, these records will stay in the cache for a finite
timeout period, and all further queries regarding nodes in these
domains during the timeout will be answered with information from the
cache.

Name servers cache this data to speed up response time for successive
queries by lowering the number of queries needed to resolve a given
name. The caching technique helps the DNS to scale in size without
putting load on the root nameservers on the order of O(N), where N is
the number of nodes in the database.

4. Low TTLs considered harmful

4.1 DNS usage today

The broad acceptance and usage of the DNS, and the lack of competing
concepts providing a broadly used way to find resources on the
Internet, has led to the DNS being used for a lot of things it was not
designed to do.
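The following toy model is an added illustration, not part of this draft, of the cache walk described in section 3.3 and of the extra load on authoritative servers that section 4 warns about. It counts the upstream queries a caching resolver sends for a steady stream of lookups of foo.bar.example.com when the TTLs of the cached levels vary; the zone names, TTLs and query interval are constructed, and each level of the delegation chain is modelled as one cached entry with its own TTL.

```python
"""Toy model of a caching recursive resolver: count the upstream
queries a stream of client lookups causes for different TTLs.
Names, TTLs and query rates are constructed for illustration."""


def chain_for(qname):
    """Names the resolver must learn, deepest first, e.g.
    foo.bar.example.com -> [foo.bar.example.com, bar.example.com,
    example.com, com]; the root is assumed always known (hints)."""
    labels = qname.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


class Resolver:
    def __init__(self, ttls):
        self.ttls = ttls       # name -> TTL (seconds) of its records
        self.cache = {}        # name -> absolute expiry time
        self.upstream = {}     # name -> upstream queries sent for it

    def resolve(self, qname, now):
        """Answer qname at time `now`; return upstream queries sent.
        Walk up to the deepest still-cached level, then fetch every
        missing level top-down, one query per level (iteration)."""
        missing = []
        for name in chain_for(qname):
            if self.cache.get(name, -1) > now:   # still valid in cache
                break
            missing.append(name)
        for name in reversed(missing):
            self.cache[name] = now + self.ttls[name]
            self.upstream[name] = self.upstream.get(name, 0) + 1
        return len(missing)


def upstream_load(ttls, qname, interval, duration):
    """Total upstream queries, and the per-name breakdown, when one
    client asks for qname every `interval` s for `duration` s."""
    r = Resolver(ttls)
    total = sum(r.resolve(qname, t) for t in range(0, duration, interval))
    return total, r.upstream


if __name__ == "__main__":
    # Parents stable (one day); only the leaf answer's TTL varies.
    static = {"com": 86400, "example.com": 86400, "bar.example.com": 86400}
    for ttl in (5, 60, 3600):
        total, per = upstream_load({**static, "foo.bar.example.com": ttl},
                                   "foo.bar.example.com", 2, 3600)
        print(f"leaf TTL {ttl:5d}s -> {total:5d} upstream queries {per}")
```

Lowering the TTL of the delegation for the dynamic zone as well (bar.example.com in this model) adds a second query per cache miss, which is the "increased depth of recursion" the draft mentions.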
The authors are aware that this bold statement is a can of worms, since
the question of what the DNS was invented for has not got any precise
answer. There is a broad spectrum of usages today, more or less
structured, ranging from application-layer mail routing to mapping of
IP prefixes to AS numbers. Common to most of those creative usages is
the need to map a string into something else, be it domain name to IP
address or IP prefix to AS number.

There are (truth be told) other schemes providing more flexible and
perhaps more usable directory services available to the Internet
community today, of which LDAP seems to be the most broadly accepted.
The problem here is that no widely used global structure is in use.
This may or may not change in the future, but the fact is that there is
no replacement for the DNS today.

The fact that the DNS is such a large and broadly used service in the
day-to-day life of the Internet should be a driving force behind
careful expansion of the existing structure, and also something to take
into consideration when maintaining existing domains.

4.2 Mapping of DNS behaviour to applications

There seems to be an increasing need to store more or less dynamic
content in the DNS. The word "dynamic" in this context means that the
records corresponding to a domain name may be updated with a much
higher frequency than has historically been the case.

Support for dynamic updates has been implemented in the most widely
used server implementations. This feature allows updates to take place
as an integrated part of the client-server interaction, eliminating the
need to log into the nameserver, edit the zone file and reload the
server. Instead, updates may easily be created and submitted through
scripts triggered by applications. Examples of services using this
scheme today are:

- DHCP/RADIUS with dynamic DNS hooks.
- Dial-in users using third-party dynamic nameservice.
Common to these services is the fact that they strive to separate the
static mapping of domain name to IP address over time and provide a
dynamic way to connect domain names to users. There are other examples
of use, but this type is by far the most widely deployed.

Unfortunately, several implementations of services of the type
described above choose to set the SOA TTL for the dynamic zones to very
low values, ranging all the way from a couple of seconds to an hour.

This can be seen as a way of trying to synchronize the content of the
DNS database to applications with a completely different set of
attributes. This is certainly not A Good Thing since (as we stated
earlier in this document) the strength and scalability of the DNS rely
heavily on the aforementioned three parts: hierarchy, distribution and
caching. If one of them is eliminated, in this case the caching, the
system as a whole will suffer.

Some of the foreseeable problems with this behaviour are:

- Increased load on the primary name servers due to the increased
  number of queries.
- Increased response time for recursive resolvers due to the increased
  depth of recursion needed.

It is probably possible to simulate a DNS tree of sufficient size with
real-life-like load to find out the exact increase in load and decrease
in response time when TTLs for parts of the tree are lowered. This is
for further study.

5. References

[1] RFC 1035, P. Mockapetris, "DOMAIN NAMES - IMPLEMENTATION AND
    SPECIFICATION", November 1987.
[2] RFC 2136, P. Vixie et al., "Dynamic Updates in the Domain Name
    System (DNS UPDATE)", April 1997.
[3] RFC 819, Z. Su and J. Postel, "The Domain Naming Convention for
    Internet User Applications", August 1982.
[4] RFC 882, P. Mockapetris, "DOMAIN NAMES - CONCEPTS and FACILITIES",
    November 1983.
[5] RFC 883, P. Mockapetris, "DOMAIN NAMES - IMPLEMENTATION and
    SPECIFICATION", November 1983.
[6] RFC 1034, P.
    Mockapetris, "DOMAIN NAMES - CONCEPTS AND FACILITIES", November
    1987.
[7] RFC 1035, P. Mockapetris, "DOMAIN NAMES - IMPLEMENTATION AND
    SPECIFICATION", November 1987.

Authors' Addresses

Carl Moberg
Telia Network Services
Arenavagen 57, pl 8
S-121 29 Stockholm, SWEDEN
Phone +46-456-7274
Fax +46-456-7280
carl@telia.net

Amar Andersson
Telia Network Services
Arenavagen 57, pl 7
S-121 29 Stockholm, SWEDEN
Phone +46-456-8968
Fax +46-456-7280
amar@telia.net