[bind10-dev] Evaluation of BIND 10 1.0.0
Yoshitaka Aharen
aharen at jprs.co.jp
Wed Apr 10 13:02:50 UTC 2013
Hello,
We have evaluated the most recent release, BIND 10 1.0.0.
* Evaluation Environment
CPU: AMD Opteron 275 processor x 2
Memory: 8GB
HDD: SATA 1.5Gbps 250GB
OS: CentOS 6.3 amd64
BIND 10 configuration:
Auth module x 4, Boss, Xfrin, Xfrout, Stats, Zonemgr
Configured to receive real .jp zone update
* Functional requirements
We have compared the response with BIND 9 (BIND 9.9.2-P1).
BIND 10 1.0.0 satisfies the functional requirements as a JP DNS server.
It can receive the jp zone with AXFR/IXFR and respond to DNS requests as
an authoritative server with DNSSEC (NSEC3 opt-out) supported. We found
that BIND 10 includes NS and their glue records in the response to a
DNSKEY query, while BIND 9 hasn't since BIND 9.6 (CHANGES 2427).
* Performance requirements
BIND 10 1.0.0 satisfies the query performance requirements as a JP DNS
server. It can respond to 30% more DNS queries with the DO bit per
second than BIND 9.
However, BIND 10 1.0.0 does not satisfy the zone update performance
requirements. It takes 2.8 minutes on average to complete a zone update
with IXFR. In the same case it only takes less than a second with BIND 9.
It takes about 3 hours to complete a zone update when the number of
updated records is about 27,000. That is longer than a zone update with
AXFR, which takes about 5.5 minutes on average. Recently it has been
significantly improved in master (ticket #2877, ChangeLog 601). We hope
it will be included in the release sooner.
* Operational requirements
BIND 10 1.0.0 has worked well for over 1 month without unexpected
process termination.
The current CLI is not easy to use. It is not easy to check and record
the difference in configuration between changes. It is not easy to add
hundreds of zones. It is not easy to check the whole configuration. It
will be a problem when deploying a configuration to several servers.
Query logging and showing the status of a server, like "rndc status",
are not implemented.
The documentation was enough to install and configure BIND 10 with a
small number of slave zones for people familiar with DNS. It may be good
to add some documentation for troubleshooting, showing what to do when
an error is encountered.
We found that Xfrin fails to receive IXFR and falls back to AXFR while
Xfrout is processing AXFR out. Sometimes it is required to do AXFR from
the DNS server to check that the zone is consistent. It would be good
not to fail to receive IXFR, or at least not to fall back to AXFR while
Xfrout is running.
We also found that the log file is sometimes corrupted when maxsize and
maxver are set and the logger is busy; log file rotation occurs very
frequently and older logs are overwritten. The size of the log files had
not reached maxsize. It may be related to ticket #1622.
Thanks,
--
Yoshitaka Aharen <aharen at jprs.co.jp>
Japan Registry Services Co., Ltd.