[94324] in North American Network Operators' Group
Re: DNS Query Question
daemon@ATHENA.MIT.EDU (Dennis Dayman)
Thu Jan 18 15:12:50 2007
Date: Thu, 18 Jan 2007 14:11:45 -0600
From: Dennis Dayman <dennis@thenose.net>
To: David Ulevitch <davidu@everydns.net>
Cc: Nanog <nanog@merit.edu>
In-Reply-To: <45AFC68C.1020400@everydns.net>
X-Envelope-From: dennis@thenose.net
X-MDaemon-Deliver-To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
David Ulevitch wrote:
>
> Dennis Dayman wrote:
>>
>> I have a customer having some DNS issues. They have done some research
>> regarding some DNS timeout errors they saw with Verizon's sender verify
>> looking up their MX records. What they have discovered is their
>> current DNS service has a 1% failure/timeout rate. They are exploring
>> other vendors (UltraDNS for one), but need an estimate of the number
>> of DNS queries for accurate pricing to put together a ROI argument for
>> the switch.
>>
>> I have no IDEA if this can be determined, but what is a good estimate of
>> the number of DNS queries generated from sending an email?
>
> That's not a good tack to take to figure out the answer.
>
> Just check the logs of your current DNS server and count 'em up.
>
> UltraDNS isn't cheap. But neither is downtime, I suppose.

Here's what Chuq figured.

If I’m sending from my machine to your machine, here’s what I think is
the right sequence.

HELO foo.com (generates a call to the IP of the socket to compare to
foo.com)

It’s also going to look up the foo.com to make sure it resolves

MAIL-FROM – it’ll look up the domain to make sure it exists, I believe.

So I think the baseline is 3, plus whatever anti-spam a site might use:
DKIM, Sender-ID, SPF all generate at least a lookup of a TXT record, and
depending on how they’re implemented, maybe an A. Some of the anti-spam
stuff might pull MX to verify a return path exists, too.

I’d say the minimum is 3, max is around 8, assuming nothing cached
anywhere, for a new connection with one email sent. Multiple emails on a
connection helps, and pipelining helps more (but individually optimized
emails hose that); client side caching helps a lot but we can’t depend
on it.

If they want to send a message back (DSN, say), that’s going to pull the
A record, then the MXes, and then for each MX, I believe it does a
reverse lookup to get the name, and that iterates for every MX until
sent or you run out of MXes.

-Dennis
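
The log-counting approach suggested in the quoted reply, as an added example that is not part of the original thread: it tallies queries for one zone by record type and extrapolates a monthly volume for pricing. It assumes BIND-style query log lines; the sample lines, addresses and the zone `example.com` are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Timestamp, then the "query: <name> IN <type>" part of a BIND-style log line.
QUERY_RE = re.compile(r"^(\S+ \S+) .*\bquery: (\S+) IN (\S+)")
TS_FORMAT = "%d-%b-%Y %H:%M:%S.%f"

# Constructed sample lines (documentation addresses, made-up zone).
SAMPLE_LOG = """\
18-Jan-2007 14:00:00.000 queries: info: client 192.0.2.10#53211: query: example.com IN MX +
18-Jan-2007 14:00:00.120 queries: info: client 192.0.2.10#53212: query: mail.example.com IN A +
18-Jan-2007 14:00:01.300 queries: info: client 198.51.100.7#40100: query: example.com IN TXT +
18-Jan-2007 14:00:02.000 queries: info: client 198.51.100.7#40101: query: other.test IN A +
18-Jan-2007 14:00:10.000 queries: info: client 203.0.113.5#1055: query: EXAMPLE.COM IN MX +
this line is not a query record
"""

def in_zone(qname, zone):
    """True if qname is the zone apex or a name below it (case-insensitive)."""
    qname, zone = qname.lower().rstrip("."), zone.lower().rstrip(".")
    return qname == zone or qname.endswith("." + zone)

def count_queries(lines, zone):
    """Return (Counter of query types for the zone, seconds covered by those lines)."""
    by_type = Counter()
    first = last = None
    for line in lines:
        m = QUERY_RE.match(line)
        if not m or not in_zone(m.group(2), zone):
            continue  # skip non-query lines and queries for other zones
        ts = datetime.strptime(m.group(1), TS_FORMAT)
        first = ts if first is None else min(first, ts)
        last = ts if last is None else max(last, ts)
        by_type[m.group(3)] += 1
    span = (last - first).total_seconds() if first is not None else 0.0
    return by_type, span

def monthly_estimate(total, span_seconds, days=30):
    """Scale a sampled query count to a billing period of `days` days."""
    if span_seconds <= 0:
        raise ValueError("log sample covers no time")
    return round(total * days * 86400 / span_seconds)

if __name__ == "__main__":
    counts, span = count_queries(SAMPLE_LOG.splitlines(), "example.com")
    print(dict(counts), span, monthly_estimate(sum(counts.values()), span))
```

A sample spanning at least a full week of real logs gives a better estimate than a short window, since mail volume varies by time of day and day of week.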