
Re: Teredo server selection



Nathan Ward wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 23/12/2007, at 11:28 AM, Florian Weimer wrote:
>> * Nathan Ward:
>>
>>> 1) Lookup A record for `_teredo._udp.arpa.' (or whatever. Note the
>>> trailing . - we don't want to be looking up
>>> `_teredo._udp.arpa.defaultdomain' etc.)
>> You should really discuss this with DNS people. This is a very bad idea
>> because it produces lots of pointless queries which need to be handled
>> somewhere, probably on a production name server.
>
> You are talking about the use of .arpa, I assume, and query load on the root servers?
>
> I think I understand the concern, but negative caching would deal with this, same as it does for .local., .invalid., etc. The negative TTL on both .arpa and . is 86400s.

The default maximum negative cache TTL for BIND9 is 3 hours (10800s).
This overrides the negative TTL on any zone with longer TTL.

(*Relying* on negative caching as a key part of any design is a *bad* idea.)

> We're only talking about 1 query each time the Teredo client boots,

This would be 1 query per day per Windows box, roughly. Okay, maybe not *every* day, but often enough, like on Patch Tuesday, every Windows box reboots at roughly the same time, and generates one query.

> so load on ISPs' recursive nameservers is not large - my laptop does several queries per minute when idle, let alone at boot time or when it's actively doing something.

What about the case where hosts have been set up with local recursive servers (i.e. on the host itself)? Those would *all* hit the root and TLD server(s) for .arpa. in each such instance (host reboots).

Besides which, I don't understand why this *shouldn't* be something locally instantiated, if it is supported by the ISP. Something like, "teredo.defaultdomain", by looking up "teredo" with no trailing dot.

I'm wondering why it is even necessary to do any of this set-up, before starting an application that actually wants/needs Teredo service.

I don't know what the proportion of hosts with Teredo enabled which actually *use* it is -- but if it is substantially less than 100%, I think the operational impact to Teredo potentially interfering with native IPv6 should be given strong consideration.

The coding convenience of "do this when we boot" is not a strong argument in favour of any particular approach, when "do this" involves Internet-wide interactions.

Brian