[dns-wg] Elimination of 2nd level ccTLD domain names

At 4:23 PM +0300 2004-10-25, Yiorgos Adamopoulos wrote:

>                      Actually you do not have to run a database instance
>  on every node where you want to run a DNS server.  Why not have the
>  Database system produce the zone files for the nameserver of your taste
>  (be it NSD, tinydns, BIND, etc) and then rsync to the actual servers?

	Well, for NSD, using large zones will cause it to eat memory 
exponentially.  It pre-calculates all possible questions and all 
possible answers before it loads the zone(s), and then creates a jump 
table.

	I remember at RIPE 44 that we got a report from the folks up at 
SUNET, who had tried using NSD to serve the ccTLDs they handle, and 
even though it was a monster machine with many gigabytes of memory, 
that still wasn't enough.  BIND will probably be better in this 
respect, but I doubt it's going to be manageable, either.

	If you're bound and determined to go with a completely flat 
namespace for what will be the largest TLD in the world (Europe 
already has more citizens than the US, more citizens online than the 
US, and a faster growth rate than the US), then I think you have no 
option but to go with a database back-end for operations as well as 
maintenance.


	Sure, in a few years the Chinese or Indians may take over the #1 
position (since both countries have unbelievable growth rates and 
over one billion population each), but that's still several years 
away and they can always look at whatever solution Europe has 
pioneered to handle these extremely large ultra-flat zones.


	Of course, your operational database could be trimmed to just the 
absolutely necessary information and loaded non-real time from the 
maintenance database which does include all the desired information, 
but that's still going to be a big database.

	I doubt that you're going to have any practical option but to use 
ANS from Nominum.  NSD certainly isn't going to cut it, PowerDNS 
certainly won't cut it, I don't think that BIND will have the 
necessary high-reliability interfaces, and I don't know of any other 
large-scale database back-end nameservers (dlz-bind is a nice toy, 
but certainly won't be able to scale to this kind of level).


	That is, unless you want to hand everything over to someone else 
to operate as a service for you -- like UltraDNS.

	Oh, wait -- they bought the business from Nominum, who was using 
ANS for their customers, and UltraDNS almost certainly still using 
ANS today....

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.