
Why can't the UBRs do DNS?


altis
07-06-2006, 11:11
Okay, maybe the UBRs don't have the hardware to do DNS but there could be a machine that is 'close' to the UBR that does. Am I missing something or would this not improve the customer experience enormously for quite moderate expense.

A traceroute to 194.168.8.100 this morning reveals a direct connection between Manchester and Winnersh which I'm sure wasn't there a few days ago. This is much better than travelling all round the country but is still not half as good as it could be. Why so?
Tracing route to cache2.ntli.net [194.168.8.100]
over a maximum of 30 hops:

1 7 ms 10 ms 8 ms 10.235.100.1
2 8 ms 7 ms 8 ms bagu-t2cam1-a-v122.inet.ntl.com [80.5.162.89]
3 15 ms 38 ms 7 ms bagu-t2core-a-ge-wan64.inet.ntl.com [80.5.161.21]
4 9 ms 13 ms 8 ms man-bb-a-so-310-0.inet.ntl.com [213.105.174.69]
5 9 ms 9 ms 12 ms man-bb-b-ae0-0.inet.ntl.com [62.253.187.178]
6 15 ms 13 ms 49 ms win-bb-a-so-300-0.inet.ntl.com [62.253.185.138]
7 14 ms 14 ms 16 ms win-dc-a-v902.inet.ntl.com [62.253.187.222]
8 14 ms 15 ms 15 ms cache2.ntli.net [194.168.8.100]

MagicMan
07-06-2006, 21:39
I'm not quite sure how a traceroute relates to DNS. A traceroute simply displays the number of hops to get to a particular host.

DNS is the mechanism where the hostname or URL is translated to the IP address.

altis
07-06-2006, 21:48
Mmm... I didn't mention that 194.168.8.100 is NTL's primary DNS server in Winnersh. The other one is 194.168.4.100.

Virtually every time you click on a link, your browser will have to check out with Winnersh first, causing unnecessary traffic, unnecessary delay and unnecessary all-your-eggs-in-one-basket-ness.

kronas
07-06-2006, 22:02
Yep, I see your point. Why can't NTL employ local DNS servers?

dev
07-06-2006, 22:09
If you are that bothered, why not set up your own DNS server?

Jon T
07-06-2006, 22:21
If you are that bothered, why not set up your own DNS server?

Because HTTP (webpage) traffic will still be intercepted by the proxy caches, which do their own DNS lookups using NTL's own DNS servers.

jtwn
08-06-2006, 11:59
How many other providers offer decentralised DNS servers? A 15ms wait for a DNS reply is basically negligible when it comes to waiting for the actual page to be downloaded.

shin0r
08-06-2006, 12:36
Mmm... I didn't mention that 194.168.8.100 is NTL's primary DNS server in Winnersh. The other one is 194.168.4.100.

Virtually every time you click on a link, your browser will have to check out with Winnersh first, causing unnecessary traffic, unnecessary delay and unnecessary all-your-eggs-in-one-basket-ness.

The 194.168 addresses are frontend IPs for a farm of DNS servers that sit behind them. The traffic goes to Winnersh because a number of the core routers are there. I don't know what you mean by "all-your-eggs-in-one-basket."

You can't have DNS servers at every UBR, due to cost and complexity. Every time a DNS change is made it would have to be synced to every UBR in the country. Add to this the extra sysadmin time needed to service nodes all around the country and it becomes unmanageable.

James Henry
08-06-2006, 12:44
Mmm... I didn't mention that 194.168.8.100 is NTL's primary DNS server in Winnersh. The other one is 194.168.4.100.

Virtually every time you click on a link, your browser will have to check out with Winnersh first, causing unnecessary traffic, unnecessary delay and unnecessary all-your-eggs-in-one-basket-ness.

194.168.4.100 is in Guildford, 194.168.8.100 is in Winnersh - doesn't seem that 'all-your-eggs-in-one-basket' like to me.

The uBRs can't do DNS because they are routers, not servers.

Webcaches might be able to fulfill all your DNS needs though.

APS
08-06-2006, 13:54
From previous experience at the time of faults I believe that some of NTL's webcaches already do DNS caching, at least for webpages requested from them. It is a common feature of web proxies, so it would surprise me if they had not enabled it.

APS

altis
08-06-2006, 14:13
I come from a background in Transputers and distributed computing. There we would make every effort to ensure that, for best performance, frequently accessed data was held locally. We wanted to avoid having the same information dashing back and forth across the network. To me, this seems a natural thing to do. I like diversity and decentralised things.

As I understand it, every NTL customer has the Winnersh DNS as primary and Guildford as secondary. Therefore, everyone's browser will try to access the Winnersh one first unless the transaction times out, and then it will go to Guildford. I don't deny there is a backup, but at busy times this could still lead to a single point overload. However, it may be that some customers are configured the other way round - I don't really know.

UBRs can do other things - for instance, they also act as time servers (although my local one isn't very accurate) - but they may well not be capable of DNS - again, I don't know.

IMHO, if there were a problem cascading DNS servers then there would only be one in the world.
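To put numbers on the resolver latency and primary/secondary failover discussed above, here is an added example (not from any poster in this thread): it sends a raw A query to each configured resolver in order, measures the round trip, and parses the reply, falling back to the next resolver only on timeout, which is how a stub resolver behaves. The resolver addresses are the two quoted in the thread; the query name, the 2-second timeout and the transaction IDs are assumptions.

```python
import socket
import struct
import time
NTL_RESOLVERS = ["194.168.4.100", "194.168.8.100"]  # addresses quoted in the thread (assumed order)

def build_query(name, txid=0x1234):
    """Build a minimal recursion-desired DNS query for an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(data, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while data[off] != 0 and data[off] & 0xC0 != 0xC0:
        off += 1 + data[off]
    return off + (2 if data[off] & 0xC0 == 0xC0 else 1)

def parse_a_records(data, txid):
    """Return (rcode, [IPv4 strings]) from a DNS reply; reject a mismatched ID."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction ID mismatch: stray or spoofed reply")
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4  # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return flags & 0x000F, ips

def timed_lookup(name, servers=NTL_RESOLVERS, timeout=2.0, txid=0x2A2A):
    """Query resolvers in order like a stub resolver; return (server, rtt_s, rcode, ips) or None."""
    for server in servers:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                start = time.monotonic()
                sock.sendto(build_query(name, txid), (server, 53))
                data, _ = sock.recvfrom(512)
            except socket.timeout:
                continue  # no answer from this resolver: fall back to the next one
        rcode, ips = parse_a_records(data, txid)
        return server, time.monotonic() - start, rcode, ips
    return None
```

Calling `timed_lookup("cache2.ntli.net")` from inside the network shows which resolver actually answers and how long it takes; a `None` result means every listed resolver timed out, which is the single-basket failure the thread is worried about.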

dev
08-06-2006, 14:49
Because HTTP (webpage) traffic will still be intercepted by the proxy caches, which do their own DNS lookups using NTL's own DNS servers.

Oops, forgot about that, but surely the proxy caches will also cache the DNS requests?

And to the post above mine,

the default primary for me is 194.168.4.100 with .8.100 secondary. Always has been that way. However, as I've moved to my own proxy I'm using my own DNS servers, so technically I use neither :)

Begize
10-06-2006, 08:25
Oops, forgot about that, but surely the proxy caches will also cache the DNS requests?

And to the post above mine,

the default primary for me is 194.168.4.100 with .8.100 secondary. Always has been that way. However, as I've moved to my own proxy I'm using my own DNS servers, so technically I use neither :)

If you're on an NTL connection, you're behind a transparent proxy and therefore using that and the NTL DNS servers even if you have your own too.

I too have my own proxy server and DNS but still suffered with the recent DNS problems.

dev
10-06-2006, 13:27
If you're on an NTL connection, you're behind a transparent proxy and therefore using that and the NTL DNS servers even if you have your own too.

I too have my own proxy server and DNS but still suffered with the recent DNS problems.

Transparent proxies only affect web traffic / traffic on port 80, which my proxy is not on, so I in fact don't use NTL's DNS servers.

Chrysalis
10-06-2006, 18:49
In normal circumstances 2 DNS servers should definitely be enough for an ISP, but in case of DDoS attacks things can change. New DNS or not, if NTL simply added say 2 more DNS servers and did nothing else, they would still probably drop with an attack.

Begize
10-06-2006, 19:15
Transparent proxies only affect web traffic / traffic on port 80, which my proxy is not on, so I in fact don't use NTL's DNS servers.

Fair enough. Do you mean you're using an external (i.e. not your own), non-NTL proxy on another port then, I assume? If not, how have you managed to defeat the infernal NTL proxies? AFAIK any proxy behind them, even though it's operating inwards on, say, port 8080, would still be making requests for webpages on the regular port 80 and so having to route through the NTL ones.

Paul
10-06-2006, 21:48
Every time a DNS change is made it would have to be synced to every UBR in the country. Add to this the extra sysadmin time needed to service nodes all around the country and it becomes unmanageable.

That's a non-existent problem. The nature of DNS is that it updates itself; there are thousands (or more) of DNS servers around the world. It would make sense (esp. after the recent problems) for each of the main router centres to have its own set of DNS servers (like they already have their own proxy servers). That would make a loss of service due to DDoS much less likely (or localised). Each proxy server could have its local area DNS server as its primary, and another area as its secondary.