ICANN to allow commercial gTLDs

Robert E. Seastrom rs at seastrom.com
Mon Jun 20 12:35:26 UTC 2011


Randy Bush <randy at psg.com> writes:

> what's new?  how about the operational technical effects, like data from
> modeling various resolvers' responses to a large root zone?

I think the proper model is popular TLDs, perhaps the traditional
gTLDs.  As any (even former) decent sized TLD operator can tell you,
BIND and NSD are both quite functional for this, and there are
also some proprietary authoritative nameservers out there that have
excellent performance.  Getting north of 100k queries/second answered
authoritatively [*] from a single nameserver process on a single box
(large zone, millions of records) is almost something one can do with
an out of the box config.  Things can get hairy with high update
rates, so I'd encourage ICANN to dig in its heels about the 2x per day
update rate, though even if they did it on demand, the $185k fee is
probably sufficient to keep the number of delegations, and thus
updates, down to a dull roar.

An interesting question is what the load effects will be on the root.
Inasmuch as the root operators (who can provide more detailed data
themselves) send NXDOMAIN, REFUSED, or some SOL-semantically-similar
response to 99%+ of the queries they get already, even a two order of
magnitude lift on the number of legit queries will result in only a 2x
lift in load on the roots.  The operative question is "is two orders
of magnitude a safe guess?".  I don't have a good answer for that.

The team over at ICANN has already likely thought this through in
insane detail and I'm not saying anything new (to them anyway).  Maybe
they can speak to it.

-r

[*] to be pedantic, the AA flag is not set on the response to an NS
query to a delegating nameserver.  We'll call it authoritative anyway,
since it is for the zone in which the delegation lives.  :-P




