9.2.5 db causes high cpu? was: Re: BIND 9.2.5rc1 is now available.

Brad Knowles brad at stop.mail-abuse.org
Mon Feb 21 20:00:39 UTC 2005

At 4:44 PM +0000 2005-02-21, Paul Vixie wrote:

>  that's nonsequitur.  the driving issue in recursive nameserver performance
>  isn't CPU speed or coding logic, it's RTT to distant nameservers or your
>  own upstream network connection.  a carefully crafted lab-test of queryperf
>  through a recursive server with all the authority zones reachable inside
>  the lab network *might* show that two BIND8's are faster than one BIND9,
>  but even that's not a given.

	In terms of single queries, two copies of BIND 8 would be 
somewhat faster than a single copy of BIND 9 (threaded or not), but 
you would certainly get higher overall query throughput.  I proved 
that with my LISA 2002 invited talk, where I compared BIND 8 against 
BIND 9 and Nominum ANS and CNS, in both caching/recursive and 
authoritative-only modes.

	For serving the root zone, after making sure that the cache was 
fully primed, I found that BIND-8 could handle ~490 queries per 
second, while BIND-9 did ~318.  In contrast, CNS did 777 qps.  For 
serving the .tv zone, after making sure it was fully cached, I found 
that BIND-8 did ~91 qps, BIND-9 did ~55, and CNS did ~110.

	Generally speaking, CNS has twice the overall throughput as 
BIND-9, and anywhere from 17% to 59% more than BIND-8.  I am 
convinced that most of that comes down to internal architectural 

>                                BIND8's retry logic is very different from
>  BIND9's, and a given query might be answered in far more or far less time
>  under stress conditions on one of these servers than on the other.

	Retry logic and remote network delays will dominate the 
performance of individual queries, that's true.  But peak throughput 
and overall capacity are going to be greatly influenced by internal 

	One big advantage that CNS brings to the table is that it 
sanitizes DNS query responses, making sure that technically legal 
responses that might cause problems for other nameservers get 
"cleaned" before being passed on.  This is the only nameserver on the 
market I know of that includes this query sanitization routine.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the bind-workers mailing list