Will Vista stall Net traffic?

(continued from previous page)

Vista's use of IPv6 will not disrupt the Internet at large, said David Ulevitch, chief executive at OpenDNS, a provider of free DNS services. "DNS can be improved, but predicting its collapse is just spreading FUD (fear, uncertainty and doubt)."

"Vista cuts into some of the slack space already in place for shock load."

--Dan Kaminsky, independent researcher

While there are name servers that are running close to capacity, Kaminsky, in a preliminary scan, said he found most networks have quite a bit of spare capacity. "Vista cuts into some of the slack space already in place for shock load," he said.

The DNS system is relatively complex. Vista, in fact, won't query twice every time it sends out a DNS request, Microsoft said. There will be some more traffic, but the Redmond, Wash.-based software maker does not expect Vista machines will impact the overall functionality of the Internet, the company said.

"We feel we have designed our implementation of DNS to be very efficient by querying twice only when absolutely necessary," Microsoft said. "In our beta deployments with enterprises, we have not found the DNS queries are resource intensive and do not believe DNS queries from Windows Vista machines will cause a large surge in queries overall."

For example, Microsoft designed Vista so PCs will query in the address of the type assigned to the system, the company said. Computers that don't have an IPv6 address will not do IPv6 queries, the company said. Also, when a machine does do an IPv6 query, it will do so only to a DNS server that responded to its initial IPv4 query, the company said. "Name errors are not repeated, so the Net traffic will less than double," it said.

At least one of the technologies related to IPv6 in Vista was changed recently, after the release of Beta 2 in May, Microsoft said. Vista will now acquire a so-called Teredo address only when an application requires its use. Teredo is a tunneling protocol to use IPv6 with networking gear such as certain routers.

Nevertheless, an eye should be kept on bottlenecks such as DNS forwarders, name servers at ISPs that handle queries from thousands of broadband customers, said Cricket Liu, a DNS expert and vice president of architecture at DNS appliance maker Infoblox.

Still, Liu calls Mockapetris' prediction of brownouts "a little alarmist." A major factor will be the speed at which Vista is adopted and while Microsoft might like to see an overnight worldwide upgrade, most pundits expect Vista's adoption to be gradual, even slow.

Representatives for Comcast, Verizon Communications and EarthLink, all companies with a high-speed Internet access business, were not available to comment on this story.

The worst-case scenario, Kaminsky said, is a couple of spot failures occuring during peak hours at select organizations. "The one exception might be a few enterprise customers running really close to the redline on their name servers. I could see checking for spare capacity on the name server if 50,000 systems got moved over to Vista overnight." Such a big migration, however, is rather unlikely, he added.

Already millions or people are running trial versions of Vista and Microsoft is working with ISPs as well as part of its beta program, the company said. Vista is slated to be broadly available in January. Microsoft only last week made a near-final trial version of the operating system available to testers and said Tuesday that the program will eventually be expanded to roughly 5 million testers.

Mockapetris, responding to Microsoft, said the company appears to have "a good, if static, strategy." Yet, he questioned it. "Some reports have claimed to observe different behavior; it might be that Microsoft changed the strategy as they fine-tuned things."

[darkane]

Propaganda..

After reading the article, I went and tested it myself. And the results are..

This guy is a complete idiot.

Yes, Vista has support for IPv6. But guess what, so does XP and 2000. It is not the main DNS method in Vista, and you have to manually turn support for it on for it to work.

[DraconumPB]

That's right... it's optional

You can easily uncheck IPv6 in the network settings dialog, just as easily as you can disable IPv4. That's why they HAVE those silly little boxes in the first place...

And besides, just because the machine has support for IPv6 doesn't mean that you're using an IPv6 IP address to connect to the internet.... why would your PC even care about IPv6 at a time like that?

[CubanPete]

What about DDOS Attacks using DNS?

If i could remember the exact story i'd post the link, but a while back (maybe a few months) i read a story about attackers using DNS servers to perform DDOS attacks by spoofing an IP. Although there was concern at the time, this guy seams to be even more concerned about this, its hard to believe he is seen to be one of the people behind DNS

[Jesus#2]

I thought...

I thought the article was going to talk about all of the viruses,
worms, and spam being spread over the internet through Outlook
and zombie windows boxes...
Now Vista will up the traffic by default.. as well as being a host for
viruses and malware.

[Seaspray0]

It just goes to show...

That's what you get for thinking.

How is Vista going to clog the internet? Do do that, it has to be used, meaning you have to have people willing to buy it or upgrade to it first. So far I haven't seen anyone standing in line yet. It seems IT departments are moving more to the attitude of "if it works now, then don't upgrade it."

[Mr. Network]

Utter nonsense

ohs nos its the end of the interwebs when Vista gets deployed. This is like Y2K re-lived, teh DNS and interweb will be teh kaput! I think I hear Chicken Little saying 'The sky is falling!'. These anti-M$, anti-Vista, anti-Corporation, anti-Government hippies are just frothing at the mouth and obviously will say anything they can to demonize this new product.

DNS regardless of how many protocols are installed on a given machine is a very thin process. It takes quite a bit to overload a DNS server, you would be more likely to overload the network connection before the DNS servers. Even in the event that you couldn't get to a DNS server, you'd be refered to another one, that is how the system is structured. The likelyness of a root server being taken out is slim, even so, there are redundant systems in place and there are more than 1 root server.

Guy needs to get some more edumacation.

[ralfthedog]

Anti Microsoft is pro business.

I am pro business. I know far too many good software companies that have had innovative ideas that have decided not to go to market with them because Microsoft would come out with a third rate version and spend lots of marketing money to run them out of business,

Microsoft is anti business anti any corporation other than Microsoft and anti innovation.

[philchil]

Yahoooooo

WELL PUT!! Most of their problem is they can't learn anything else, so more education would definitely overload their dns servers

[ksajflkjdslfkj alksejdlka]

Quick to judge

First of all, please learn how to type and/or spell.

Second, Mockapetris WROTE the DNS protocol, I think he's a bit more edumacated than you.

Finally - the article misses a critical element. Mockapetris is talking about the risk that ISPs don't have sufficient CACHING DNS resources. In DNS, reducdancy is most significant when it comes to AUTHORITATIVE servers - where you routinely have three servers and can go to many more. You can generally only enter two caching DNS servers, and the servers at many ISPs are very close to capacity (due to lack of attention).

I think it's quite likely that Mockapetris is overhyping the issue, since Nominum has a product to sell. But I have personally experienced major problems with latent CACHING DNS from my ISP - which uses a third party that wholesales to a number of other ISPs. The servers are close to maxed out, and having a number of clients start double requesting could make like hell. And, of course, no one at the ISP knows diddly about DNS.

[bahead]

Interweb?

"Interweb"? What's that? Kind of like the "InternetS"?

"Guy needs to get some more edumacation [SIC]."? Really? The guy who is credited with INVENTING DNS needs to get more "edumacation" about DNS?

He may be alarmist, but better to err on the side of caution when dealing with Microsoft. I have no confidence in the claims of a company that has a history of poor and insecure coding.

The only reason I think he is wrong is because I don't think anybody will upgrade to Vista, at least not quickly. Vista is the most significant resource hog Microsoft has ever produced, snarfing up a huge amount of disk space, RAM and CPU cycles for marginal visual improvements. I'm sticking with W2K and WinXP until Microsoft stops supporting them, and then I'm switching to Linux or a Mac.

B.

[ehfla]

XP Also Supports IPv6

No Big Deal. Contrary to what the article stated, XP does support IPv6 (just take a look at your network settings in Control Panel). Most home and many corporate routers don't support IPv6 anyway, so Vista is not going to have a huge impact in the short term.

[ralfthedog]

Does XP do a double look up on every query?

And does it do so by default?

[Xalorous]

wrong

Most "corporate" (substitute enterprise) routers do support IPv6, and have for several years now. They just do not have IPv6 on by default.

"On by default" seems to be the whole issue here.

This whole conversation is FUD. I think the reason it was put on this website is so the writer could use FUD in the article.

Oh, btw, OP, bad form to abbreviate Washington.

[thedreaming]

Why the panic?

Even if what they say is true, Vista is still not complete. There is still time to just change it so that it only uses ipv4 only. What's the big deal?

[Penguinisto]

Depends...

If MSFT acts quickly enough, Vista should pick one or the other as a primary DNS source, where it tries a query in IPv4 first, then IPv6 after a timeout period if the first one fails (then again, the original plan to do two queries is rather stupid IMHO...)

But the blame isn;t just on MSFT: IPv6 is coming anyway, and DNS services should've been written to anticipate this no matter which OS is asking (e.g. look at the inbound query source addy and determine version from its format, then format the reply to the asking machine as appropriate).

[mcugaedu]

Why blame Vista?

If current infrastructure won't support IPv6, that's not Vista's fault. Why blame Microsoft for using up-to-date technology?

The answer: Because it's fashionable to blame Microsoft for everything.

[ralfthedog]

It is our moral responsibility.

Why blame Vista? Doing simultaneous IP v4 and an IP v6 queries is just plain silly. Like Penguinisto said. Vista should try the query on Ipv4 first and only try IP v6 if it fails. Will this crash the Internet? No, it is an example of the very bad engendering that went into Vista.

We have a moral responsibility to point out as many flaws in Vista as we can. This gives Microsoft a chance to fix some of the most disturbing issues, and with any luck, we can talk a few users out of upgrading. Perhaps we can even talk a few people into moving up to Linux.

Vista with its wide open security will slow down the Internet. This is just one small straw.

[ethernet76]

right

up-to-date technology like EFI? Or more like up-to-date DOS
support?

[Macsaresafer]

Yikes! I have to agree.

I like to blame Microsoft for everything bad in the world because I
figure that way I'll be right at least half the time, but this is just
silly. As a Mac user who's had IPv6 capable systems for years now,
I'm glad to see Microsoft finally adding the support. It's long
overdue.

[TV James]

Don't panic!

Vista will have the slowest adoption of any recent version of Windows, if Office adoption rates are any indication.

[KTLA_knew]

Keep 'em coming!

You guys are hilarious!

[ralfthedog]

Microsoft DRM and registration is a good thing after all.

I know more and more people who are leaving Microsoft just because the DRM is a huge pain when you have to format reinstall or change out hardware.

[Penguinisto]

CNN confirms that...

http://money.cnn.com/2006/09/07/technology/Reality_check_Vista.biz2/index.htm?cnn=yes

[rklrkl]

Why doesn't Vista have an option to turn it off?

If doing this "double lookup" is supposedly going to cause DNS net chaos, then surely a simple move would be for Microsoft to allow users to turn off support IPv6 in Vista (maybe they do allow that in Vista, but the article doesn't state this)? That way, Vista users' lookups will be quicker and everyone will be happier. I can turn off IPv6 support in Linux distros fairly easily, so why not Vista?

[ethernet76]

You can

I'm pretty sure you can turn IPv6 off in any OS that can use it.
However, a lot of us believe it should be left off by default.

Home users rarely need it, and businesses usually modify core
OS settings before deployment. So by default it should be off.
Like any rarely used service should be.

This is why Windows users have so many problems. There's a
ton of features most of which are on by default. Half of the older
viruses relied on never-used network features which were on by
default.

From microsoft's standpoint it's just easier for them to turn
everything on. It's less support calls because they didn't know
they had to turn on DCOM or some other setting.

[ethernet76]

You can

I'm pretty sure you can turn IPv6 off in any OS that can use it.
However, a lot of us believe it should be left off by default.

Home users rarely need it, and businesses usually modify core
OS settings before deployment. So by default it should be off.
Like any rarely used service should be.

This is why Windows users have so many problems. There's a
ton of features most of which are on by default. Half of the older
viruses relied on never-used network features which were on by
default.

From microsoft's standpoint it's just easier for them to turn
everything on. It's less support calls because they didn't know
they had to turn on DCOM or some other setting.

[DrtyDogg]

From TechNet

Disabling IPv6
Unlike Windows XP, IPv6 in Windows Vista and Windows Server ?Longhorn? cannot be uninstalled. To disable IPv6 on a specific connection, you can do the following:

? In the Network Connections folder, obtain properties of the connection and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under This connection uses the following items. This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.

There are also instructions on how to change the behaviors of it via the registry including as stated above, to check ipv4 before ipv6.

Deja Vu all over again

Windows 2000 was supposed to collapse the net, too. Rememeber that?

[ralfthedog]

It did.

The raw sockets left open with windows 2000 lead to all sorts of nasty exploits worms and stuff. I will admit that there were fewer packet spoofing DDOS attacks then were expected, but that is largely because hackers found much more fun things to do, and better ways to make money.

Next time you find your inbox filled with spam, just remember that most of it comes from bot nets, and quite a bit of that comes from raw socket exploits.

[GrandpaN1947]

Fear DRM attack not DNS

Vista is rife with built in DRM viruses. That's what you should be concerned with, owning a PC that won't act like a PC. Get ready. The DRM attack will soon hit a computer near you.

[rapier1]

Not really a problem...

Okay, the thing is a lot of people might have IPv6 enabled but
*most* people won't be supplied with a valid routable IPv6 address
because they won't be attached to an IPv6 network or have access
to an IPv6 DHCP server.

[paulreid99]

Most current routers don't support it

Most people I know have internet routers at home to share their connection that know NOTHING of IPv6. And the translate the address. Nobody with this kind of router is going to pass any IPv6 traffic to the net.

Neither is anyone with a business configured with most current NAT schemes.

I just don't see where all this extra traffic is coming from. Grandma who buys a Vista PC and hooks it directly to the internet with no firewall.

And even then, does her ISP give her an IPv6 address (or pass it along)? Again, it's questionable where all this traffic is coming from.

[rcrusoe]

Plenty of time

Vista might pose a problem some day, but first MS has to ship it,
then people have to purchase hundreds of thousands of copies.

We've been promised Vista for over 5 years and still can't buy it.
And I doubt if many will in the next couple of years.

There's plent of time to work on DNS.

[eartist]

Like fat slowly clogging the veins

Vista will be to the web as saturated fats are to humans. Yes they wont kill you but if you eat to much you will slowly but surely close your pipes. There should be a traffic monitor in place and a fining system setup before the web gets gooey. If you want to slow it down you must pay to upgrade it.

[dburr13]

Y2K II

Maybe this is the Y2K we missed the first time...Can you imagine what the thought of this potential event will do to the price of oil?

[zaznet]

Oh yeah...

I seriously hope you are just kidding. :)

[MadKiwi]

Oh Come on...

Enough with the scare mongering...

"if Vista was all of a sudden deployed everywhere, we'd be having rolling blackouts"

Yeah sure, but that just isn't going to happen in a world where people are still running W95 & W98.

[BillyBrack]

Mockapetris May be Correct, but Nobody is Asking the Right Questions

As usual there is so much Microsoft bashing going on that everybody is missing the point. Microsoft isn?t helping much by going into knee jerk denial mode. It seems the PR people are writing press releases, and nobody is looking at the issue.

What Mockapetris is saying is that DNS servers at the carriers and major ISPs are running at capacity.

Granted Mockapetris is selling industrial strength domain servers suitable for large ISPs and phone companies. Surprise a self serving statement on the internet. I am shocked shocked! (There seems to be gambling going on as well!)

The internet is still growing at a terrible rate even though it is so huge we don?t see it as dramatically.

It took a looooong time for CNET to come up. The stall was most likely due to a slow DNS response as I know I have a fast pipe.

CNET wrote the story so as to make it seem to be Microsoft?s fault that DNS systems are at capacity. The issue isn?t whether adding IPv6 will double DNS queries or just raise them slightly. Mockapetris is saying any increase in DNS load will push things over the edge unless capacity at the server end is increased.

Nobody writing the story interviewed a carrier or large ISP and asked how loaded their DNS servers are. Nobody did any measurements on DNS response times. All I saw was dumb statements from PR types who didn?t have a clue what the question was about.

Microsoft ought to know better. They have a fewcompetent people. The PR people should have found one of them before responding.

I?m sure Mockapetris is delighted that Vista will increase load for DNS. We'd all like to see the problem fixed before net response times get any slower.

DNS Speed

" It took a looooong time for CNET to come up. The stall was most likely due to a slow DNS response as I know I have a fast pipe."

Its unlikely DNS had anything to do with that. CNET is usually one of the slower 'news' sites. Is google coming up just as slow?

[Mr. Network]

Are you kidding?

DNS is thin, runs fast, you'd overload a network connection before a server running DNS. DNS is distributed so if you can't hit one, you hit another.

The slowness you are experiencing could be anything, could be a switch at your ISP overloading, could be the web server at cnet's facility overloading. When it comes to the internet, DNS is the least likely cause of 'slowness'

[Hardrada]

how about some substantiation

especially from a large provider or anyone actually hosting a significant number of public DNS servers - e.g. Yahoo, Qwest, Comcast, Verizon, ... oh, wait -

"Representatives for Comcast, Verizon Communications and EarthLink, all companies with a high-speed Internet access business, were not available to comment on this story."

Even better, there's really no decent technical backgrounder on the issue, so readers who don't really understand the underlying factors get a really skewed and inaccurate perspective on what's going on. I wish CNET would focus more on the technical and less on the sensational.

[Sumatra-Bosch]

The Virus and Worm Attacks Will Crush the Internet During Vistapocalypse

The storm of DDOS attacks by all those zombied machines will just take down the Internet.

The Vistapocalypse Cometh

Robert