BIND server dimensioning

Bill Larson wllarso at swcp.com
Tue May 15 16:06:39 UTC 2001


Given Brad's explanation, which is absolutely correct, why not try and
provide your users with a farm of DNS servers rather than provide only
a single server.  This way you can break up your 1000-3000 queries/sec
into a more easily managed 100-300 queries/sec/server, if you provide 10
servers.

This would assist your users by avoiding a possible single point of
failure when one (or more) of your DNS servers are unavailable.

Also, if you are expecting to be receiving this many queries from a web
server that is performing reverse, in-addr.arpa, lookups, an effective
solution would be to avoid these DNS lookups simply for logging
purposes.  You can summarize your logs and then perform these queries
only for the addresses that you are seriously interested in rather than
everything, which may not buy you much.

Bill Larson

> At 12:12 PM +0000 5/15/01, Laurent Perruche wrote:
> 
> >  I'd like to know if there are some tips for designing a BIND server (on
> >  Solaris) that can handle :
> >  - about 3000 requests/second
> >  - about 1000 requests/second
> >  Did someone build such servers ? What hardware did you use (RAM, CPU...) ?
> >
> >  I'd like that my DNS service is available at 99.995%. What is the
> >  architecture I have to use ?
> >
> >  I know that it may be hard to answer, but if some of you could describe me
> >  their experiences in deploying BIND Solaris servers, it would be great.
> 
> 	I don't know of anyone who has specifically done these things 
> with Solaris.  However, you can read Rick Jones' papers on how they 
> did these things with HP-UX -- see 
> <ftp://ftp.cup.hp.com/dist/networking/briefs/>.  You should also look 
> at RFC 2870 <http://www.faqs.org/rfcs/rfc2870.html>.
> 
> 	I am not personally aware of anyone that is doing even 1000 
> queries per second with a Sun/Solaris box, but it is possible that 
> one of the root nameservers is running Solaris.  If you can find out 
> which one might be running Solaris, you can ask them what they did 
> and how they configured their machine.
> 
> 
> 	That said, it will depend greatly on the type of queries you're 
> doing -- it's not too hard to handle 2000 queries per second when you 
> are running an authoritative-only server, but it is much, much harder 
> to handle 2000 queries per second when you're running a caching-only 
> server.
> 
> 	The former is pretty much entirely within your control, and you 
> can add more memory, faster disks, etc... to keep up with the load. 
> The latter is going to be largely dependent on the latency and 
> connectivity between you and the remote nameservers, and that's 
> really going to seriously cripple your expected throughput in a 
> real-world situation.
> 
> -- 
> Brad Knowles, <brad.knowles at skynet.be>
> 
> /*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
> /*       Represented as 1045 digit prime number by Phil Carmody         */
> /*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
> /*                                                                      */
> /*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
> /*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */
> 
> dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
> 
> 
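
Added example, not part of the original messages or of BIND: one way to apply the advice above about summarizing web logs first and doing reverse (in-addr.arpa) lookups only for the addresses of interest. The log format, the sample lines (constructed, using documentation address ranges) and all function names are assumptions.

```python
import re
import socket
from collections import Counter

# Constructed sample access-log lines (not from the original thread).
SAMPLE_LOG = """\
192.0.2.10 - - [15/May/2001:16:00:01 +0000] "GET / HTTP/1.0" 200 512
192.0.2.10 - - [15/May/2001:16:00:02 +0000] "GET /a HTTP/1.0" 200 128
192.0.2.10 - - [15/May/2001:16:00:03 +0000] "GET /b HTTP/1.0" 404 90
198.51.100.7 - - [15/May/2001:16:00:04 +0000] "GET / HTTP/1.0" 200 512
198.51.100.7 - - [15/May/2001:16:00:05 +0000] "GET /c HTTP/1.0" 200 77
203.0.113.5 - - [15/May/2001:16:00:06 +0000] "GET / HTTP/1.0" 200 512
malformed line without an address
"""

IP_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s")

def count_clients(log_text):
    """Count requests per client address without touching DNS."""
    matches = map(IP_RE.match, log_text.splitlines())
    return Counter(m.group(1) for m in matches if m)

def ptr_lookup(ip):
    """Reverse lookup; returns None when the address has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def resolve_top(hits, top_n=2, min_hits=2, resolver=ptr_lookup):
    """Resolve only the busiest addresses, one query per unique address."""
    report = []
    for ip, n in hits.most_common(top_n):
        if n < min_hits:
            break
        report.append((ip, n, resolver(ip)))
    return report

def queries_saved(hits, report):
    """Lookups avoided compared with resolving on every logged request."""
    return sum(hits.values()) - len(report)

if __name__ == "__main__":
    hits = count_clients(SAMPLE_LOG)
    report = resolve_top(hits)
    for ip, n, name in report:
        print(f"{n:6d}  {ip:15s}  {name or '(no PTR)'}")
    print("lookups avoided:", queries_saved(hits, report))
```

The `resolver` parameter lets the summary step be run offline or pointed at a rate-limited lookup function, so the batch job does not itself become a query burst against the name servers.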


