Posted on 09/06/2006 6:32:55 PM PDT by HuntsvilleTxVeteran
Thanks to new directory software, Windows Vista could put a greater load on Internet servers. But experts disagree over whether we're headed for a prime-time traffic jam or insignificant slowdown. Microsoft's launch of Windows Vista could slow down or stall traffic on the Net, said Paul Mockapetris, who is widely credited with inventing the Internet's Domain Name System (DNS). Mockapetris believes Vista's introduction will cause a surge in DNS traffic because the operating system supports two versions of the Internet Protocol, a technology standard used to send information over computer networks.
"If you adopt Vista, your DNS traffic is going to double," Mockapetris said in an interview. With many DNS servers already running close to capacity, this can have serious consequences, he said. "You're going to see brownouts. All of a sudden, it is going to be mud season on the Internet, where things will just be kind of slow and gooey."
(Excerpt) Read more at news.zdnet.com ...
I wonder if it will be possible to turn off this behavior. My RedHat boxes have supported IPv6 for quite a while now, but it is user configurable. If your network is not migrating to IPv6, it makes little sense to be banging your servers for AAAA addresses.
One other consequence to the way MS-Vista is going to be generating DNS packets is that you'll no longer be able to block port 53/TCP at your firewalls.
This is a security mechanism implemented in many places because DNS queries are supposed to be sent as UDP packets. Problem is, with the new naming scheme, the packets are going to be too big to be sent as UDP, so they'll go out as TCP packets instead.
Why is this a big deal? Well, TCP and UDP work in a fundamentally different way. UDP is basically a "fire and forget" technology. You send a UDP packet into the cloud, and if it gets there, it gets there, and you get a response. There is no follow-up from the sender.
With TCP data packets, it is a managed transmission, where the sender sends, and the receiver acknowledges. This prevents data from being lost. It's actually a bit more complicated than this, but this is a good working description in a nutshell.
Currently with DNS servers, some types of services, such as zone transfers and the like, are sent via TCP. What this means from the point of security is that, in addition to specifying in your BIND configuration which servers you will allow to request entire zones from you, you can also specify rules in firewalls on a default deny rule, meaning that any request on TCP to a given server is denied by default unless it is from a specified list. This makes it a little bit easier to secure a server. Given how important it is for DNS servers to be secured, because so much communication depends upon them, one would think you would do what you can to maintain that security.
This is a massive oversimplification but is a good working starting point for those who are unfamiliar with these things.
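A small illustration of the two mechanics discussed in the comments above (the doubled A plus AAAA lookups, and the fallback from UDP to TCP/53 when an answer is truncated), added here as an example; it is not code from the article or from any poster. TRUNCATED_REPLY is a constructed sample packet, and EDNS0, which raises the 512-byte UDP limit in modern resolvers, is deliberately left out.

```python
import struct

UDP_PAYLOAD_MAX = 512      # classic DNS-over-UDP limit without EDNS0 (RFC 1035)
QTYPE_A, QTYPE_AAAA = 1, 28
FLAG_TC = 0x0200           # TrunCation bit in the header flags word


def encode_name(name):
    """Encode a hostname as DNS labels: length-prefixed, zero-terminated."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, txid):
    """Standard recursive query: 12-byte header + one IN-class question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def dual_stack_queries(name, txid):
    """A dual-stack stub resolver asks for A and AAAA per name: two queries,
    two transaction IDs, which is the doubling the thread is talking about."""
    return [build_query(name, QTYPE_A, txid),
            build_query(name, QTYPE_AAAA, txid + 1)]


def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "flags": flags, "truncated": bool(flags & FLAG_TC),
            "questions": qd, "answers": an}


def needs_tcp_retry(response):
    """Per RFC 1035 the resolver retries over TCP/53 when a UDP answer carries
    TC=1, i.e. the server could not fit the answer within UDP_PAYLOAD_MAX."""
    return parse_header(response)["truncated"]


# Constructed sample: a response header with QR, TC, RD and RA set (0x8380)
# followed by the echoed question; no answer records fit, so TC is set.
TRUNCATED_REPLY = (struct.pack("!HHHHHH", 1, 0x8380, 1, 0, 0, 0)
                   + encode_name("www.example.com") + struct.pack("!HH", QTYPE_AAAA, 1))

if __name__ == "__main__":
    for q in dual_stack_queries("www.example.com", 1):
        print(len(q), "bytes, fits in UDP:", len(q) <= UDP_PAYLOAD_MAX)
    print("retry over TCP:", needs_tcp_retry(TRUNCATED_REPLY))
```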
I don't think it will "stall net traffic", but I do see the potential for a new vector for pharming.
Fraudsters and mischief makers are developing more insidious techniques for tricking users into visiting bogus websites. Rather than using spam to con prospective victims into clicking their way to illicit sites - so-called phishing attacks - internet ne'er-do-wells are using DNS poisoning or domain hijacks to redirect users to dodgy URLs.
The trick - dubbed pharming - is potentially more sinister than phishing because it avoids the need to coax users into responding to junk email alerts.
And now they have some new toys to play with.
It's George Bush's fault.