Performance Test Metrics for dns server performance.

Brad Knowles brad.knowles at skynet.be
Fri May 4 23:31:20 UTC 2001


At 2:57 PM -0600 5/4/01, Matt Simerson wrote:

>  I'm building an enterprise dns solution. This solution will need to pass a
>  QA performance evaluation. Our QA lab doesn't have anything well defined for
>  how to test so I need to define a set of test metrics. The things we'll be
>  testing is running BIND 8 and djbdns on three platforms and comparing
>  security, performance, and reliability.

	In Message-Id <200104041440.IAA27131 at llama.swcp.com>, Bill Larson 
<wllarso at swcp.com> mentions tools like the Perl script known as 
"mresolv2", written by Mark Fuhr (of the Perl Net::DNS module fame) 
and available at <http://www.fuhr.org/~mfuhr/perldns/>.

	There is also the "netperf" tool developed by Rick Jones at HP 
(see 
<ftp://ftp.cup.hp.com/dist/networking/briefs/named_performance.txt> 
for more information).

>  I've spent the last couple days spending a lot of time scouring the net for
>  methodologies for testing dns server performance. From all that I've settled
>  on what I think is a pretty reliable set of test metrics. Dnsfilter seems to
>  be the only tool out there that is designed to kick a name server in the jaw so
>  I've given it a first go round. For now the focus is on performance so I
>  figure three separate tests would be appropriate:

	I strongly suggest that you read the various DNS & BIND related 
articles that Rick Jones has made available at 
<ftp://ftp.cup.hp.com/dist/networking/briefs/>.  After reading these 
articles, you should have a much better idea of how to really stress 
test your nameservers.

	That said, I would encourage you to also look at things like 
IPv6, DNSSEC, running the servers in a chroot() environment, etc....


	If you do other searches in the archives for this list, you will 
find some comments that I have made regarding djbdns and dnscache.  I 
won't repeat them here, but suffice it to say that I do not believe 
that these programs are suitable for use in a production network, due 
to their lack of support for certain features, aspects of the 
protocol, etc....

	That said, you obviously have to make up your own mind with 
regards to these issues.

>    BIND 8.2.3-REL - 6-8MB - 90,112 requests
>    1,000          1144      18,966         5,203          47,638
>    10,000         1157      14,299         4,899          54,236
>    100,000        1200      12,771         5,185          56,575

	If you look at 
<ftp://ftp.cup.hp.com/dist/networking/briefs/dns_server_results.txt>, 
you will note that Rick Jones was able to get over twelve thousand 
queries per second handled by BIND 8.2.2-P15, and never saw less than 
3500 queries per second with a stock implementation of BIND on an HP 
L2000 with one 440MHz processor.

	This seems to me to be a much, much, much higher query rate per 
second than you saw (~10.6425 to ~16.5 per second?!?), and I don't 
understand why.  If you were to see the kinds of rates Rick was able 
to achieve, you should have had 90,000 queries answered in about 7.5 
seconds.  Perhaps if you read the paper yourself (and the others in 
the same directory), you can figure out why you saw such low query 
rates.

>  Again, these are initial tests, designed only to evaluate test
>  methodologies and to determine an accurate way to measure DNS server
>  performance. Does this sound like a reasonable way to test? Is there a
>  better way? Any suggestions or comments are welcome.

	I would also suggest that you be working with the latest release 
candidate for BIND 9.1.2 (currently at RC1) instead of BIND 8.2.3, or 
at the very least the latest release candidate for BIND 8.2.4 
(currently at T1B).

	Of course, version 9 is the future of BIND, and if you are going 
to be using BIND, it would probably be in your best interest to work 
with it instead of the previous version, which is basically EOL.

-- 
Brad Knowles, <brad.knowles at skynet.be>
