Subject: Re: Adding TTL information to gethostbyname() and friends
To: NetBSD Networking Technical Discussion List <tech-net@NetBSD.ORG>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-net
Date: 06/02/2003 14:53:52
On Mon, 2 Jun 2003, Greg A. Woods wrote:
> [ On , June 2, 2003 at 10:16:54 (-0700), Ian Lance Taylor wrote: ]
> > Subject: Re: Adding TTL information to gethostbyname() and friends
> >
> > The round trip time for the DNS query would add measurable time to the
> > download. To avoid that time, browsers maintain their own cache, but
> > because they do not use the correct TTL, the cache is slightly
> > incorrect.
>
> Yuck. What a horrible situation. Clue-by-4 the browser authors.

No, clue-by-4 the OS vendors/sys admins. The browser authors installed the
caches as a reaction to perceived (and often real) poor performance of
their browsers.

If infrastructure had been around, we would not be where we are now.

> DNS cache should always be "local" to the application -- i.e. within
> reach by a very minimal RTT.
>
> If you're talking about doing this only in NetBSD (and maybe the other
> *BSDs) then the correct fix is always to eliminate all application
> specific DNS caching in pkgsrc hacks and instead to simply turn on a
> local DNS cache server by default.

Then you open yourself up to security issues with bind. Among other
things. :-|

> If you're talking about proposing a fix that could generically work for
> everyone then the correct fix is to implement a portable in-core-only
> cache that can be placed invisibly in libbind/libresolv/libc/whatever
> behind gethostbyname() and friends and still convince all application
> authors to eliminate all DNS caching from their applications.

I think Ian is wanting to propose a fix that might get widely accepted. If
embedding a cache in libbind/libresolv/libc/whatever would have worked, we
would not have this issue now.

We aren't going to get the browser authors to remove the caches. I think
though that we can get them to take TTL info if we give it to them.

> It is never "right" for an application to cache DNS information and thus
> it is never "right" for an application to need the DNS TTL values.

Why is it not right? The uses I've seen of caches try to put the cache as
close to the user as possible. Thus if the application wants it in itself,
that's as close to the user as you can get.

I agree it's wrong to force applications to have to do the caching
themselves, but if they want to, why shouldn't they? The issue we're
seeing now is that the name lookup routines don't return enough info for
them to do it right.

Take care,
Bill
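
[Added illustration of the last point above. This is example code written for this page; it is not code from the thread, from Bill, or from NetBSD's libc or libresolv.] The TTL is present in the wire response that the resolver parses and then discards before gethostbyname() returns. The C below parses a hand-constructed response to an A query, keeps the TTL of each A record, and feeds a small application-side cache that expires entries by the smallest TTL in the answer set and refuses to cache a TTL of 0. The sample bytes, the cache layout (round-robin slots, up to four addresses per name) and the 16-hop limit on compression pointers are choices made for this example, not anything the thread prescribes.

```c
/* Added example, not code from the thread or from NetBSD: parse a raw DNS response while
 * keeping the TTL that gethostbyname() drops, then cache by that TTL. Bytes are hand-made. */
#include <stdint.h>
#include <string.h>
#include <time.h>
enum { MAX_NAME = 256, MAX_ADDRS = 4, CACHE_SLOTS = 8 };

struct a_record { char name[MAX_NAME]; uint32_t ttl; uint8_t addr[4]; };
struct cache_entry { int used, naddrs; char name[MAX_NAME]; uint8_t addrs[MAX_ADDRS][4]; time_t expires; };
static struct cache_entry cache[CACHE_SLOTS];          /* an entry is fresh while now < expires */

static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t get32(const uint8_t *p) { return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }

/* Decode a possibly compressed name (RFC 1035 4.1.4) at off into out. Returns the offset just
 * past the name in the original stream, or -1 on truncation, overlong output or a pointer loop. */
static int read_name(const uint8_t *m, size_t len, size_t off, char *out, size_t outsz)
{
    size_t o = 0, ret = 0; int jumped = 0, hops = 0;
    for (;;) {
        if (off >= len) return -1;
        uint8_t l = m[off];
        if (l & 0xC0) {                                    /* compression pointer: 11xxxxxx xxxxxxxx */
            if ((l & 0xC0) != 0xC0 || off + 1 >= len || ++hops > 16) return -1;
            if (!jumped) ret = off + 2;                    /* caller resumes right after the pointer */
            off = (size_t)(l & 0x3F) << 8 | m[off + 1];
            jumped = 1; continue;
        }
        if (l == 0) { if (!jumped) ret = off + 1; break; }
        if (++off + l > len || o + l + 2 > outsz) return -1;
        if (o) out[o++] = '.';
        memcpy(out + o, m + off, l);
        o += l; off += l;
    }
    out[o] = '\0';
    return (int)ret;
}

/* Copy the A/IN records of the answer section into out (at most max). Returns the count, or -1
 * if this is not a NOERROR response or any part of it is malformed or truncated. */
static int parse_a_records(const uint8_t *m, size_t len, struct a_record *out, int max)
{
    if (len < 12 || !(m[2] & 0x80) || (m[3] & 0x0F) != 0) return -1;
    uint16_t qd = get16(m + 4), an = get16(m + 6);
    size_t off = 12; char name[MAX_NAME]; int n = 0, r;
    for (uint16_t i = 0; i < qd; i++) {                    /* skip the question section */
        if ((r = read_name(m, len, off, name, sizeof name)) < 0 || (size_t)r + 4 > len) return -1;
        off = (size_t)r + 4;
    }
    for (uint16_t i = 0; i < an; i++) {                    /* NAME TYPE CLASS TTL RDLENGTH RDATA */
        if ((r = read_name(m, len, off, name, sizeof name)) < 0 || (size_t)r + 10 > len) return -1;
        uint16_t type = get16(m + r), cls = get16(m + r + 2), rdlen = get16(m + r + 8);
        uint32_t ttl = get32(m + r + 4);
        off = (size_t)r + 10;
        if (off + rdlen > len) return -1;
        if (type == 1 && cls == 1 && rdlen == 4 && n < max) {
            strcpy(out[n].name, name); out[n].ttl = ttl; memcpy(out[n++].addr, m + off, 4);
        }
        off += rdlen;
    }
    return n;
}

/* Store one RRset (records sharing a name) for the smallest TTL in the set, as resolvers do;
 * a TTL of 0 means the answer must not be cached at all. Slots are reused round-robin. */
static void cache_put(const struct a_record *recs, int n, time_t now)
{
    static int next;
    if (n <= 0) return;
    uint32_t ttl = recs[0].ttl;
    for (int i = 1; i < n; i++) if (recs[i].ttl < ttl) ttl = recs[i].ttl;
    if (ttl == 0) return;
    struct cache_entry *e = &cache[next++ % CACHE_SLOTS];
    e->used = 1; strcpy(e->name, recs[0].name);
    e->naddrs = n < MAX_ADDRS ? n : MAX_ADDRS;
    for (int i = 0; i < e->naddrs; i++) memcpy(e->addrs[i], recs[i].addr, 4);
    e->expires = now + (time_t)ttl;
}

/* Copy the fresh addresses for name into out; returns the count, 0 meaning "query again". */
static int cache_get(const char *name, time_t now, uint8_t out[][4], int max)
{
    for (int i = 0; i < CACHE_SLOTS; i++) {
        /* expired entries are skipped: this is where the TTL is honoured */
        if (!cache[i].used || cache[i].expires <= now || strcmp(cache[i].name, name)) continue;
        int k = cache[i].naddrs < max ? cache[i].naddrs : max;
        for (int j = 0; j < k; j++) memcpy(out[j], cache[i].addrs[j], 4);
        return k;
    }
    return 0;
}

/* Constructed response to "example.com A": two answers, TTL 300 and TTL 60, each owner name a
 * compression pointer (0xC0 0x0C) back to the question name at offset 12. */
static const uint8_t sample_response[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,2, 0,0, 0,0,                  /* id; flags QR,RD,RA; qd=1 an=2 */
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1,  /* question: example.com A IN */
    0xC0,0x0C, 0,1, 0,1, 0,0,0x01,0x2C, 0,4, 93,184,216,34,     /* A IN, TTL 300, 93.184.216.34 */
    0xC0,0x0C, 0,1, 0,1, 0,0,0x00,0x3C, 0,4, 93,184,216,35,     /* A IN, TTL 60,  93.184.216.35 */
};
```

Two things to notice. read_name bounds-checks every label and caps compression-pointer hops, because this is untrusted network input; a self-referencing pointer or a truncated packet yields -1 rather than an infinite loop or an over-read. cache_get treats expires <= now as a miss, so the two-record answer above stops being served 60 seconds after it was stored (the smaller of the two TTLs), which is exactly the behaviour an application cache built on top of gethostbyname() cannot reproduce, because the TTL never reaches it.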