>From: "Russell P. Sutherland"
>I have done a very rough sampling of traffic on the backbone IP traffic
>this morning (9:30 am Fri 2 Aug 1996) using our sniffer. Here are the
>results based on 9036 ethernet frames:
>
> Protocol     # of frames   Percent
> dns (udp)        2025         22
> dns (tcp)         431          5
(snip)
>The DNS zone transfers are performed using tcp. Most other queries are
>udp. (Please note that I assumed that all of the udp traffic
>was dns based. This seemed to be a reasonable assumption
>based on the frames that I looked at.)

How does this sniffer work? Does it include http accesses?

I am having trouble believing that DNS is a total of 27% of backbone traffic. Even the 5% assigned to DNS from TCP seems way too high. All the netscape sessions, or news feeds, running in UofT, downloading text and images, would seem to be hundreds of times more data than DNS. (Even more with all the windows weenies --- I mean office PCs.)

I have checked my DNS files and, though our net is small, I have to believe our netscape and ftp use alone must be far larger than these files. (Even more with all the windows weenies --- I mean office PCs.) I can only guess that larger nets with more hosts and terminals, with larger DNS databases, would have proportionately more netscape and ftp use.

I recall that netrek, web phone and desktop video all use UDP, and quite intensively. Assuming 100% of UDP is DNS --- at any time of the day --- seems risky.

If I am totally out to lunch on this, and DNS is such a large amount of traffic, I have a suggestion. Let's all agree to double our time constants in our SOA records. I can't recall from my reading whether that will cut the traffic by a factor of two or not but it will certainly put a dent in it. I for one would trade propagation speed for added functionality (i.e. continued use of .toronto.edu).

Matt Malone