9.2.5 db causes high cpu? was: Re: BIND 9.2.5rc1 is now available.
Brad Knowles
brad at stop.mail-abuse.org
Mon Feb 21 20:00:39 UTC 2005
At 4:44 PM +0000 2005-02-21, Paul Vixie wrote:
> that's nonsequitur. the driving issue in recursive nameserver performance
> isn't CPU speed or coding logic, it's RTT to distant nameservers or your
> own upstream network connection. a carefully crafted lab-test of queryperf
> through a recursive server with all the authority zones reachable inside
> the lab network *might* show that two BIND8's are faster than one BIND9,
> but even that's not a given.
In terms of single queries, two copies of BIND 8 would be
somewhat faster than a single copy of BIND 9 (threaded or not), but
you would certainly get higher overall query throughput. I proved
that with my LISA 2002 invited talk, where I compared BIND 8 against
BIND 9 and Nominum ANS and CNS, in both caching/recursive and
authoritative-only modes.
For serving the root zone, after making sure that the cache was
fully primed, I found that BIND-8 could handle ~490 queries per
second, while BIND-9 did ~318. In contrast, CNS did 777 qps. For
serving the .tv zone, after making sure it was fully cached, I found
that BIND-8 did ~91 qps, BIND-9 did ~55, and CNS did ~110.
Generally speaking, CNS has twice the overall throughput as
BIND-9, and anywhere from 17% to 59% more than BIND-8. I am
convinced that most of that comes down to internal architectural
differences.
> BIND8's retry logic is very different from
> BIND9's, and a given query might be answered in far more or far less time
> under stress conditions on one of these servers than on the other.
Retry logic and remote network delays will dominate the
performance of individual queries, that's true. But peak throughput
and overall capacity are going to be greatly influenced by internal
architecture.
One big advantage that CNS brings to the table is that it
sanitizes DNS query responses, making sure that technically legal
responses that might cause problems for other nameservers get
"cleaned" before being passed on. This is the only nameserver on the
market I know of that includes this query sanitization routine.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the bind-workers
mailing list