Request for review of performance advice
he at uninett.no
Thu Jul 9 20:25:05 UTC 2020
> OS settings and the system environment
> 2e) Make sure your socket send buffers are big enough. (not
> sure if this is obsolete advice, do we need to tell people how
> to tell if their buffers are causing delays?)

2e#1) Make sure your UDP socket *receive* buffers are big enough.
If on BSD, monitor for "dropped due to full socket buffers"
count in "netstat -s" output, and tune accordingly. Note that
this may be a symptom of mis-tuning of other parts of BIND,
causing excessive CPU usage, which may contribute to this

BTW, unbound has configuration options ("so-rcvbuf" / "so-sndbuf")
to tune these for only the name server; when I earlier looked for
something similar in BIND I could not find a corresponding option,
so had to do a system-wide tuning via sysctl, which isn't ideal, but
solved the problem in my case.

> named Features
> 3a) Minimize logging. Query logging is expensive (can cost you
> 20% or more of your throughput) so don't do it unless you
> are using the logs for something. Logging with dnstap is
> lower impact, but still fairly expensive. Don't run in
> debug mode unless necessary.

3a#1) Do not configure BIND with --enable-querytrace. It most
probably doesn't do what you might think it does, and is a
major drag on performance.

See above under the new "2e#1" for a possible symptom...

> 4b) Set an appropriate MTU for your network. Ensure that your
> network infrastructure supports EDNS and large UDP responses up
> to 4096. Ensure that your network infrastructure allows transit
> for and reassembly of fragmented UDP packets (these will be
> large query responses if you are DNSSEC signing)

Well, isn't the major goal of DNS Flag Day 2020 to eliminate
fragmentation for various reasons (some of them security-related),
and doesn't it recommend setting the EDNS buffer size to 1232 instead
of letting it be the present default of BIND of 4096?
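
The check suggested under "2e#1" can be automated by comparing two "netstat -s" snapshots. The following is an added example, not part of the original post: the sample output is constructed, and the function names and the 0.1% threshold are assumptions chosen for illustration.

```python
import re

# Constructed samples in the style of BSD "netstat -s" output (not real data).
SAMPLE_T0 = """ip:
\t9000000 total packets received
udp:
\t1200000 datagrams received
\t310 dropped due to no socket
\t1500 dropped due to full socket buffers
\t1198190 delivered
"""
SAMPLE_T1 = """ip:
\t9400000 total packets received
udp:
\t1500000 datagrams received
\t325 dropped due to no socket
\t4500 dropped due to full socket buffers
\t1495175 delivered
"""

FULL = "dropped due to full socket buffers"
RECV = "datagrams received"
COUNTER_RE = re.compile(r"^\s+(\d+)\s+(.+?)\s*$")


def parse_udp_counters(text):
    """Return {description: count} for the 'udp:' section only."""
    counters, in_udp = {}, False
    for line in text.splitlines():
        if line and not line[0].isspace():  # unindented line = section header
            in_udp = line.strip() == "udp:"
            continue
        m = COUNTER_RE.match(line)
        if in_udp and m:
            counters[m.group(2)] = int(m.group(1))
    return counters


def buffer_drop_report(before, after, threshold=0.001):
    """Compare two snapshots; flag when drops exceed the assumed threshold."""
    b, a = parse_udp_counters(before), parse_udp_counters(after)
    dropped, received = a[FULL] - b[FULL], a[RECV] - b[RECV]
    if dropped < 0 or received < 0:  # counters went backwards: host rebooted
        dropped, received = a[FULL], a[RECV]
    ratio = dropped / received if received else 0.0
    return {"dropped": dropped, "received": received,
            "ratio": ratio, "tune": ratio > threshold}


if __name__ == "__main__":
    print(buffer_drop_report(SAMPLE_T0, SAMPLE_T1))
```

Because the counter is system-wide, a rising value only shows that some UDP socket on the host is overflowing; it has to be correlated with the name server's load before tuning.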