
Will Vista Overload the DNS? 221

Jamie Northern writes, "Thanks to new directory software, Windows Vista could put a greater load on Internet DNS servers. But experts disagree over whether we're headed for a prime-time traffic jam or an insignificant slowdown. Paul Mockapetris, inventor of DNS, believes Vista's introduction will cause a surge in DNS traffic because the operating system supports two versions of the Internet Protocol (IPv4 and IPv6). David Ulevitch, chief executive at OpenDNS, a provider of free DNS services, said Vista's use of IPv6 will not disrupt the Internet at large. 'DNS can be improved, but predicting its collapse is just spreading FUD.'"
This discussion has been archived. No new comments can be posted.

  • by Tjebbe ( 36955 ) on Thursday September 07, 2006 @12:37PM (#16060142) Homepage
    just friggin deploy ipv6
  • FUD (Score:1, Insightful)

    by NickyDaFish ( 972886 ) on Thursday September 07, 2006 @12:40PM (#16060167)
    Only unless the majority of the computing world switches over to Vista in a major hurry - I doubt that even in 2 years the majority of the Windows based pc's will have migrated....
  • by A beautiful mind ( 821714 ) on Thursday September 07, 2006 @12:40PM (#16060170)
    When Vista comes out, it will be introduced gradually compared to the millions of installed Win98/NT/XP systems.

    It will take years until/if it reaches considerable marketshare. ISPs have plenty of time to upgrade in the meantime.
  • by casualsax3 ( 875131 ) on Thursday September 07, 2006 @12:41PM (#16060179)
    This has to do with the necessary gradual migration from IPV4 to IPV6, and has nothing to do with Vista. Besides, only routers that support IPv6 will even route the DNS requests to DNS servers. If we want to switch to IPV6, every OS out there is going to have to support both in tandem like this. You can't bitch about the slow adoption of IPV6, and then turn around and bitch again when there are insignificant consequences related to the transition.
  • by rob1980 ( 941751 ) on Thursday September 07, 2006 @12:44PM (#16060208)
    Why would Vista cause any more problems?

    Because Vista is going to be used by about a couple hundred million more people than Linux/OSX. Even if there is no real threat, it's worth it just to investigate and make sure.
  • Stupid (Score:3, Insightful)

    by infolib ( 618234 ) on Thursday September 07, 2006 @12:53PM (#16060284)
    So, many Internet providers have handled 1000% growths over the last few years, but they can't handle a doubling of DNS load over the time it will take everyone to upgrade to Vista?

    Yeah right.
  • by Midnight Thunder ( 17205 ) on Thursday September 07, 2006 @12:58PM (#16060325) Homepage Journal
    Because Vista is going to be used by about a couple hundred million more people than Linux/OSX. Even if there is no real threat, it's worth it just to investigate and make sure.

    Maybe I should ask the question differently: why would there be any more requests than there are now with Windows? After all a single DNS lookup should easily get the AAAA and A address in one shot, unless I am misunderstanding the protocol.
  • by davidu ( 18 ) on Thursday September 07, 2006 @01:19PM (#16060493) Homepage Journal
    It's also worth pointing out that while Vista might come out on a single day it won't be rolled out in a single day -- it'll take months to years to rollout.

    So even if there is an increase in DNS load because of the AAAA before A DNS requests it won't cause rolling blackouts or major network failures.

    FWIW, we see about 20% of our requests as AAAA requests. I don't have the number of those that are retried as A requests but I'd guess it's pretty high since we aren't (yet) listening on IPv6 interfaces. We do support AAAA dns requests, of course.

    -david
  • by IAmTheDave ( 746256 ) <basenamedave-sd@nOspaM.yahoo.com> on Thursday September 07, 2006 @01:31PM (#16060591) Homepage Journal
    Man, if this isn't the most insightful comment on /. this week, I just don't know what is. Being that I have no mod points, consider this my kudos.
  • Oh noes... (Score:3, Insightful)

    by araemo ( 603185 ) on Thursday September 07, 2006 @01:45PM (#16060707)
    So let's see if I'm understanding this right. Dude who sells DNS server software, is saying that an extra DNS query now and then is going to cause 'massive slowdowns'.

    Maybe in user interaction. Perhaps, once IPv6 is used now and then, that second dns query will cause an extra 100 ms delay on top of the first 100 ms delay for the first dns query.. causing a human-noticeable slowdown after clicking a link.

    This is a slowdown due to round trip times, not because of bandwidth or processing limits. More sequential round trips = more latency. Nothing new. And the second time you visit a given site? It's cached, no round trip at all. So yes, people might, maybe, kinda notice a difference.. on the first visit to a given website on a given reboot of their computer.

    But I don't think an extra lookup will be a huge inconvenience even given the sorry state of ISP dns servers (Which, in my experience, aren't that bad unless they can't look up an address. Timeouts are bad, mmkay? The correct response is nxdomain, not 'server did not respond' 'lets try the next!' 'server did not respond'.....
  • by interval1066 ( 668936 ) on Thursday September 07, 2006 @01:58PM (#16060822) Journal
    Less news than the Y2K issue, if anyone remembers that. With probably about the same amount of impact. I'm not Mockapetris, but I do a lot of DNS configuring and client programming, and my hunch is that; as hideous as any M$ product is to me, the impact of Vista's DNS/Bind client impl will not even be noticeable.
  • by TCM ( 130219 ) on Thursday September 07, 2006 @02:00PM (#16060844)
    NAT. Has. Nothing. To. Do. With. Security. Period.

    With plain NAT and no filter, someone on your outer segment (malicious ISP, hacked ISP, other customers of some cable ISPs, ...) can simply set a route to your LAN via your external gateway. The only thing that helps security is a packet filter - which will work just fine with or without NAT.

    Get rid of NAT now, the sooner the better.
  • by Ryan Amos ( 16972 ) on Thursday September 07, 2006 @02:42PM (#16061145)
    It will take corporate customers 3 to 5 years to make the transition. Many companies have just recently phased out all their Windows 2000 boxes.
  • by jafiwam ( 310805 ) on Thursday September 07, 2006 @02:57PM (#16061234) Homepage Journal
    Like what?

    What the is it that you expect the average NAT user to be doing that matters with the "end to end paradigm of the internet"?

    I am a geeky person, and know what? My NAT-ing Linksys router has never failed to meet my needs for my home internet/home network. In fact, it has a bunch of stuff that I am never likely to use. Ever.

    Why are you putting any value on "end to end" when one of those legs is nothing but a threat to the average user (unsolicited inbound).

    If it is NOT a threat and you want the inbound traffic, you got a full blown firewall and a DMZ and NAT and know how to configure it, and guess what! Still not a problem!

    People like you annoy the piss out of me.

    "NAT is not a firewall" (no, it's not, but for the purposes of why an average person that buys them they sure as fuck are, and WAAYY better than any software solution running on Windows.)

    "End to end" Eh? half of that is NOT WANTED. Grandma Joe does not FUCKING WANT any inbound traffic PERIOD. None. Get it? So her "paradigm" is sufficiently fulfilled by "End to".
  • by TubeSteak ( 669689 ) on Thursday September 07, 2006 @03:07PM (#16061312) Journal
    we're going to run out of new IPv4 addresses to hand out in a few years.
    I agree with you that it'll happen in the long term.

    BUT, in the short term, (w/c)ouldn't the shortage be helped by redistributing some of the addresses floating around unused on Class A & B networks?

    It's funny, because some of the arguments made by Class A holders against giving back their block, is that they don't want to spend the time & money and/or go through the hassle of renumbering their networks if the arrival of IPv6 is going to moot the issue.

    And of course, nobody wants to spend the money to implement IPv6 unless they have to.
  • Remember 2002 (Score:2, Insightful)

    by SlOrbA ( 957553 ) on Thursday September 07, 2006 @03:25PM (#16061439) Homepage

    Didn't we get this thing tested in 2002. Haven't we learned anything? or has it all been forgotten?

    http://www.internetnews.com/dev-news/article.php/1486981 [internetnews.com]

    Even when Vista comes out it won't have instant effect on the overall system, but the load will grow in time and the system will have to be customed for that.

  • Overload the DNS? (Score:2, Insightful)

    by eniacx ( 615658 ) on Thursday September 07, 2006 @05:08PM (#16062125)
    Before freaking out. Look at their algorithm.

    From TFA:
    """For example, Microsoft designed Vista so PCs will query in the address of the type assigned to the system, the company said.

    Computers that don't have an IPv6 address will not do IPv6 queries, the company said.

    Also, when a machine does do an IPv6 query, it will do so only to a DNS server that responded to its initial IPv4 query, the company said. "Name errors are not repeated, so the Net traffic will less than double," it said."""
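
The query behaviour quoted from TFA in the comment above, modelled as an added example (not part of the original comment and not Microsoft's code). The workload, host names, response codes and the single-server simplification are constructed assumptions; the host is assumed to always have an IPv4 address.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Lookup:
    name: str
    rcode: str  # outcome of the initial A query: "NOERROR", "NXDOMAIN" or "TIMEOUT"


def described_policy(lookup, host_has_ipv6):
    """Query types sent for one lookup under the behaviour quoted from TFA."""
    sent = ["A"]                      # initial IPv4 query
    if not host_has_ipv6:
        return sent                   # no IPv6 address: no IPv6 queries
    if lookup.rcode == "TIMEOUT":
        return sent                   # AAAA only goes to a server that answered the A query
    if lookup.rcode == "NXDOMAIN":
        return sent                   # name errors are not repeated
    return sent + ["AAAA"]


def always_both(lookup, host_has_ipv6):
    """Worst case for comparison: every lookup sends both query types."""
    return ["A", "AAAA"]


def total_queries(policy, workload, host_has_ipv6):
    return sum(len(policy(item, host_has_ipv6)) for item in workload)


def load_factor(policy, workload, host_has_ipv6):
    """Queries sent relative to an IPv4-only client (one A query per lookup)."""
    return total_queries(policy, workload, host_has_ipv6) / len(workload)


# Constructed workload: three resolvable names, one name error, one unanswered query.
WORKLOAD = [
    Lookup("www.example.com", "NOERROR"),
    Lookup("mail.example.com", "NOERROR"),
    Lookup("typo.example.invalid", "NXDOMAIN"),
    Lookup("slow.example.net", "TIMEOUT"),
    Lookup("cdn.example.org", "NOERROR"),
]

if __name__ == "__main__":
    for label, policy, v6 in [("described, IPv6 host", described_policy, True),
                              ("described, IPv4-only host", described_policy, False),
                              ("always A+AAAA", always_both, True)]:
        print(f"{label}: {load_factor(policy, WORKLOAD, v6):.2f}x")
```

The factor stays below 2 whenever the workload contains name errors or unanswered queries, and is exactly 1 for hosts with no IPv6 address.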

  • by rabbit994 ( 686936 ) on Thursday September 07, 2006 @05:10PM (#16062142)
    Most Corporate networks will run their own DNS servers and cache results so the increase in traffic will happen but it won't be the disaster the article is predicting. DNS packets are pretty small.
  • by vadim_t ( 324782 ) on Thursday September 07, 2006 @05:36PM (#16062308) Homepage
    Ok, then you're way too attached to the old times. Nobody I know gives a damn about a couple percent extra overhead in network traffic (especially when the available bandwidth keeps growing, and my ISP upgrades it for free once in a while), however, everybody loves the idea of getting rid of NAT, having a /48 for themselves, automatic address configuration, and lots of other nice things that come with IPv6. Probably also lower ping times, due to improved routing. I wish they also upgraded the port numbers to 32 bits, but ah well.

    IPv6 means your TCP packets will get 20 bytes larger. That means that your downloads will take about 1.5% longer. Oh the horror!
  • by TDRighteo ( 712858 ) on Thursday September 07, 2006 @06:12PM (#16062573)
    What you're missing is that the cost of that static address is administration (and pure profit), not rarity. Dynamic IPs on ADSL don't save ISPs all that much IP space. Most people have always-on routers these days, not USB modems, so 80%+ users are always connected. Your dynamic IP isn't NATed, so you might be using up as much as a 1/5th of an IP by buying a static one. Big deal, when that same IP could have been used up by somebody on a cheap entry-level plan that costs only slightly more than your $20/month.

    The problem comes with ADSL is that you have to have the IPs to be in the game. You need static IPs for everybody (not because you couldn't NAT, but because users expect a REAL IP) which means a /16 only buys you about 65024 customers. (Some networks don't like you handing out IPs that look like broadcast or network addresses in a /24, so you'd be lucky to use the full 65536 IPs.)

    So, even with migration from dialup, usage is going up, and if current trends continue then IP space is going to get rather tight from all the ADSL users.
  • by tolkienfan ( 892463 ) on Thursday September 07, 2006 @10:54PM (#16063878) Journal
    Maybe he was referring to his own post.
    Plus I disagree. This is the most insightful comment.
  • by TCM ( 130219 ) on Friday September 08, 2006 @12:03AM (#16064082)
    If you call it "accidental" yourself, it's not security in the first place. That's like "hiding" a flawed service on a non-standard port and calling it secure.
  • NAT no security? (Score:3, Insightful)

    by phooka.de ( 302970 ) on Friday September 08, 2006 @05:25AM (#16064893)
    Of course NAT has nothing to do with security. All those worms probing specific ports for known vulnerabilities are not stopped at all by the fact that NAT hides the unused but open ports to the outside world and redirects the others.

    Bullshit.

    NAT does help against a certain sort of attack. Maybe only against this sort of attack. Fortunately, against the probably most common sort of attack you can't do anything about. (You can do something about infected websites: use a different browser).

    Security is not binary, it's relative. NAT adds yet another bit of security for your computer. Can you feel safe with NAT only? Hell, no! Can you feel safer than without NAT? Ask my Windows-using friends that hook their machines up to the net directly how many times they had to reinstall Windows until they could download the security fix from MS faster before they were hit again. Can't remember which worm it was (it had a bug in its implementation and kept rebooting the machines, you'll know which one I mean). I'm not running Windows, so I didn't care. But for them NAT would have been a good protection at the time.

  • by Anonymous Coward on Friday September 08, 2006 @07:03AM (#16065100)
    However, what a fuxored up summary! The feared DNS slowdown is not anything about Vista, it's about the introduction of IPv6. Save the Microsoft blaming for the real and justified occasions, please.

    And perhaps not everybody, even at Slashdot, immediately remembers what "DNS" stands for, you might expand it out frigging *once* in the summary. (I know this acronym from at least three different fields.)

    (On a lighter note, can we start calling IPv6 "Internet 2.0"? Or is "Intarweb 2.0" more appropriate...)
