Speaker
Description
Different DNS resolver implementations handle delegation from parent to child zones in different ways: some resolvers are strictly parent-centric, while others use whatever information is currently available in the local DNS cache, or offer a child-centric mode that always fetches authoritative NS records. In theory, this difference should not affect the ability to resolve domains, since the parent and child sides of a zone cut are expected to hold identical records. In practice, however, this assumption does not always hold true.
Experimental testing of these approaches is challenging because switching a resolver from parent-centric to child-centric behavior is complex and labor-intensive, and real-world resolvers do not provide a configuration option to run in both modes. Fortunately, the latest development version of BIND has adopted the parent-centric approach. This change provides a unique opportunity to compare how the same codebase behaves under a strictly parent-centric model versus the more traditional approach.
In this talk, we present measurements comparing the new parent-centric version of BIND with the original RFC 2181 version. Our primary focus is on the ability to resolve queries and the error rates experienced by end clients while resolving names on the real Internet, where parent and child records sometimes differ. Additionally, we measure end-client latency and resource consumption on the resolver.
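The divergence between the parent and child sides of a zone cut described above can be made concrete with a small model. This is an added example, not code from the talk or from BIND: the zone names, server names, reachability data and the simplified resolver rules are all assumptions made for illustration.

```python
# Added illustration: a simplified model, not BIND's resolution algorithm.
# All zone names, server names and reachability data below are constructed.
from dataclasses import dataclass

@dataclass
class ZoneCut:
    name: str
    parent_ns: set   # NS set in the delegation held by the parent zone
    child_ns: set    # NS set published at the child zone apex
    responsive: set  # servers that currently answer for the zone

def classify(cut):
    """Describe how the two sides of the zone cut relate."""
    p, c = cut.parent_ns, cut.child_ns
    if p == c:
        return "consistent"
    if p < c:
        return "child lists extra servers"
    if p > c:
        return "parent lists extra servers"
    return "partial overlap" if p & c else "disjoint"

def parent_centric(cut):
    """Assumption: only servers named in the parent's delegation are queried."""
    return bool(cut.parent_ns & cut.responsive)

def child_centric(cut, cached=False):
    """Assumption: the apex NS set replaces the delegation once it is known.
    cached=True models a resolver that already holds the child's NS set."""
    if not cached and not (cut.parent_ns & cut.responsive):
        return False  # the apex NS set cannot be fetched in the first place
    return bool(cut.child_ns & cut.responsive)

CUTS = [  # constructed sample data
    ZoneCut("ok.example", {"ns1", "ns2"}, {"ns1", "ns2"}, {"ns1", "ns2"}),
    ZoneCut("stale-child.example", {"ns1"}, {"ns9"}, {"ns1"}),
    ZoneCut("stale-parent.example", {"old"}, {"new"}, {"new"}),
    ZoneCut("extra.example", {"ns1"}, {"ns1", "ns2"}, {"ns2"}),
]

def report(cuts=CUTS):
    """Map zone -> (mismatch class, parent-centric ok, child-centric cold, cached)."""
    return {c.name: (classify(c), parent_centric(c),
                     child_centric(c), child_centric(c, cached=True)) for c in cuts}

if __name__ == "__main__":
    for zone, row in report().items():
        print(zone, row)
```

In this model a stale child-side NS set breaks only the child-centric path, while a stale parent-side delegation breaks the parent-centric path and leaves a child-centric resolver working only if it already holds the apex NS set.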
| Talk duration | 20 Minutes (+5 for Q&A) |
|---|---|