Exploring the utility of Stateless TCP for
high-speed, high-load DNS under FreeBSD
This project is motivated by Geoff
Huston's proposal (Blog
With the IPv4 address space running out, and IPv6 and DNSSEC being deployed more rapidly,
there is a growing risk that DNS responses become too large to fit in the 512-byte UDP payload
that plain (non-EDNS0) DNS allows. This leads to one of two problems:
- Either the server sets the TC bit and the client is forced to resend the query over TCP,
- or, if the DNS server is configured to generate UDP responses larger than 512 bytes (for
example via EDNS0), the packet may be dropped by firewalls and filters along the path that
still enforce the 512-byte limit.
In both cases the simple fallback is for clients to use TCP, which would generate a massive
load on certain DNS servers and effectively cause a denial of service.
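As an added illustration (not code from this project or from BIND), the following Python builds a DNS response in wire format and applies the rule the two cases above rest on: if the message does not fit the UDP payload limit, the answer section is dropped and the TC bit is set so the client retries over TCP. The query name, transaction ID, AAAA addresses from the 2001:db8::/32 documentation prefix and the zero-filled RRSIG-sized record are constructed inputs; the optional larger buffer size stands in for an EDNS0 advertisement and shows that the same response then fits.

```python
"""DNS response size versus the 512-byte UDP limit.

Added illustration, not code from this project. Inputs are constructed;
RRSIG_SIZED_RDATA is a zero-filled placeholder of roughly the length of a
real RRSIG rdata (18 fixed bytes + signer name + 256-byte RSA-2048 signature).
"""
import struct

QTYPE_AAAA, QTYPE_RRSIG, CLASS_IN = 28, 46, 1
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0200, 0x0100, 0x0080


def encode_name(name: str) -> bytes:
    """Wire-format a dotted name as length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_response(qname: str, rrs, max_payload: int = 512):
    """Return (message, truncated) for an AAAA query answered with rrs.

    rrs is a list of (rtype, rdata) answer records. If the full message does
    not fit in max_payload (512 for plain UDP per RFC 1035; larger only when
    the client advertised an EDNS0 buffer), the answer section is dropped and
    the TC bit set, which tells the client to retry the query over TCP.
    """
    txid = 0x1234
    question = encode_name(qname) + struct.pack("!HH", QTYPE_AAAA, CLASS_IN)
    # Owner names are compression pointers to the question name at offset 12.
    answers = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", rtype, CLASS_IN, 300, len(rdata)) + rdata
                       for rtype, rdata in rrs)

    def header(flags, ancount):
        return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)

    full = header(FLAG_QR | FLAG_RD | FLAG_RA, len(rrs)) + question + answers
    if len(full) <= max_payload:
        return full, False
    return header(FLAG_QR | FLAG_TC | FLAG_RD | FLAG_RA, 0) + question, True


def tc_set(msg: bytes) -> bool:
    """True if the TC bit is set in a wire-format DNS message."""
    return bool(struct.unpack("!H", msg[2:4])[0] & FLAG_TC)


def aaaa_records(n: int):
    """n constructed AAAA records in the 2001:db8::/32 documentation prefix."""
    return [(QTYPE_AAAA, bytes.fromhex("20010db8") + i.to_bytes(12, "big")) for i in range(n)]


RRSIG_SIZED_RDATA = (QTYPE_RRSIG, b"\x00" * (18 + len(encode_name("example.com")) + 256))

if __name__ == "__main__":
    for label, rrs, limit in [("17 AAAA, plain UDP", aaaa_records(17), 512),
                              ("18 AAAA, plain UDP", aaaa_records(18), 512),
                              ("18 AAAA, EDNS0 4096", aaaa_records(18), 4096),
                              ("10 AAAA + RRSIG, plain UDP", aaaa_records(10) + [RRSIG_SIZED_RDATA], 512)]:
        msg, tc = build_response("example.com", rrs, limit)
        print(f"{label}: {len(msg)} bytes, TC={tc}")
```

With a 29-byte header-plus-question and 28 bytes per compressed AAAA record, 17 addresses fit in 512 bytes and the 18th tips the response into truncation; a single RRSIG-sized record does the same to a response that otherwise fits comfortably, which is why DNSSEC deployment drives the TCP fallback the text describes.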
Geoff Huston proposed that if TCP connection establishment and teardown were
simplified so that the server does not have to keep per-connection state for the
exchange, setting up and tearing down a TCP session would become significantly
less computationally expensive, and DNS servers would be able to absorb a sudden,
massive increase in TCP-based DNS queries.
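To make concrete what "stateless" buys, here is an added Python model (mine, not the project's kernel patch or Geoff Huston's text) of a server answering one DNS-over-TCP query the conventional way, allocating a transmission control block (TCB) on SYN and freeing it at teardown, next to a server that keeps no per-connection state at all. How the stateless server validates the client without state is my assumption: it derives its initial sequence number from a keyed hash of the connection 4-tuple and the client's ISN, as SYN cookies do, so the ACK on the query segment proves the client received the SYN-ACK. The addresses, the query bytes and the placeholder dns_answer() are constructed; the project itself ran an unmodified BIND 9 behind the patched kernel.

```python
"""Conventional vs. stateless TCP service of one DNS-over-TCP query.

Added model, not code from this project or from Geoff Huston's post. Assumption
(mine): the stateless server's initial sequence number is a keyed hash of the
4-tuple and client ISN, SYN-cookie style, so a valid ACK on the query segment
replaces the transmission control block (TCB) a normal stack would keep.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: tuple          # (ip, port) of the sender
    dst: tuple          # (ip, port) of the receiver
    seq: int
    ack: int
    flags: str          # any of S (SYN), A (ACK), F (FIN)
    payload: bytes = b""


# Constructed query: 2-byte TCP length prefix, then "example.com AAAA?" with id 0x1234.
QUERY = bytes.fromhex("001d" "1234 0100 0001 0000 0000 0000"
                      "07 6578616d706c65 03 636f6d 00 001c 0001")


def dns_answer(payload: bytes) -> bytes:
    """Placeholder name server: echo the query with QR and RA set (BIND 9 in the project)."""
    msg = payload[2:]                                    # strip the length prefix
    flags = int.from_bytes(msg[2:4], "big") | 0x8080
    reply = msg[:2] + flags.to_bytes(2, "big") + msg[4:]
    return len(reply).to_bytes(2, "big") + reply


class StatefulServer:
    """Conventional TCP: a TCB is allocated on SYN and freed only at teardown."""

    def __init__(self, addr):
        self.addr, self.tcbs, self.tcb_allocations = addr, {}, 0

    def receive(self, seg):
        key = (seg.src, seg.dst)
        tcb = self.tcbs.get(key)
        if tcb is None:
            if seg.flags != "S":
                return None                              # no connection: drop
            iss = int.from_bytes(os.urandom(4), "big")
            self.tcbs[key] = {"state": "SYN_RCVD", "iss": iss}
            self.tcb_allocations += 1
            return Segment(self.addr, seg.src, iss, seg.seq + 1, "SA")
        if tcb["state"] == "SYN_RCVD":
            if "A" not in seg.flags or seg.ack != tcb["iss"] + 1:
                return None                              # drop, but the half-open TCB lingers
            tcb["state"] = "ESTABLISHED"
        if tcb["state"] == "ESTABLISHED" and seg.payload:
            tcb["state"] = "FIN_WAIT_1"                  # answer and close our side
            return Segment(self.addr, seg.src, tcb["iss"] + 1,
                           seg.seq + len(seg.payload), "AF", dns_answer(seg.payload))
        if tcb["state"] == "FIN_WAIT_1" and "F" in seg.flags:
            del self.tcbs[key]                           # only now is the TCB freed
            return Segment(self.addr, seg.src, seg.ack, seg.seq + 1, "A")
        return None


class StatelessServer:
    """Stateless TCP: every reply is computed from the incoming segment alone."""

    def __init__(self, addr, key=None):
        self.addr, self.key = addr, key or os.urandom(16)
        self.tcbs, self.tcb_allocations = {}, 0          # always empty / zero

    def cookie(self, peer, client_isn):
        data = repr((peer, self.addr, client_isn)).encode()
        return int.from_bytes(hmac.new(self.key, data, hashlib.sha256).digest()[:4], "big")

    def receive(self, seg):
        if seg.flags == "S":
            return Segment(self.addr, seg.src, self.cookie(seg.src, seg.seq), seg.seq + 1, "SA")
        if seg.payload:
            # The query must be the first data segment, so the client ISN is seq-1 and a
            # genuine client acknowledges cookie+1. A forged ACK is dropped at no cost.
            if seg.ack != self.cookie(seg.src, seg.seq - 1) + 1:
                return None
            return Segment(self.addr, seg.src, seg.ack, seg.seq + len(seg.payload),
                           "AF", dns_answer(seg.payload))
        if "F" in seg.flags:                             # ACK the client's FIN; nothing to free
            return Segment(self.addr, seg.src, seg.ack, seg.seq + 1, "A")
        return None                                      # bare ACK: nothing to do


def run_query(server, client, query, forge_ack=None):
    """Drive one client through handshake, query and teardown; return the answer or None."""
    isn = int.from_bytes(os.urandom(4), "big")
    synack = server.receive(Segment(client, server.addr, isn, 0, "S"))
    ack = synack.seq + 1 if forge_ack is None else forge_ack
    server.receive(Segment(client, server.addr, isn + 1, ack, "A"))
    reply = server.receive(Segment(client, server.addr, isn + 1, ack, "A", query))
    if reply is None:
        return None
    server.receive(Segment(client, server.addr, isn + 1 + len(query),
                           reply.seq + len(reply.payload) + 1, "AF"))
    return reply.payload
```

Two things the model makes visible. After a blind-spoofed handshake with a guessed ACK number, the conventional server is left holding a half-open TCB in SYN_RCVD until a timer reclaims it, which is exactly the cost a SYN flood exploits, whereas the stateless server allocates nothing and does no work beyond one keyed hash for a segment whose ACK does not match the cookie. The stateless variant only works because the whole query arrives in the first data segment and the whole answer leaves in one segment; queries or answers that span several segments need real connection state and are outside what this model handles.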
This project delivers statelessTCP, an implementation of these ideas in the FreeBSD-CURRENT (FreeBSD 9) kernel,
and analyses the performance gains and viability of statelessTCP using an unmodified BIND 9 DNS server.
The FreeBSD kernel patch can be downloaded here, while the technical report
with the performance analysis can be obtained here.