[bind10-dev] Evaluation of BIND 10 1.0.0

JINMEI Tatuya / 神明達哉 jinmei at isc.org
Wed Apr 10 22:03:03 UTC 2013 

At Wed, 10 Apr 2013 22:02:50 +0900,
Yoshitaka Aharen <aharen at jprs.co.jp> wrote:

> We have evaluated the most recent release, BIND 10 1.0.0.

Thanks for the detailed experiment and evaluation.
> 
> * Evaluation Environment
> CPU:    AMD Opteron 275 processor x 2
> Memory: 8GB
> HDD:    SATA 1.5Gbps 250GB
> OS:     CentOS 6.3 amd64
> BIND 10 configuration:
>         Auth module x 4, Boss, Xfrin, Xfrout, Stats, Zonemgr
>         Configured to receive real .jp zone update
> 
> * Functional requirements
> We have compared the response with BIND 9 (BIND 9.9.2-P1).
> BIND 10 1.0.0 satisfies functional requirements as JP DNS server. It can
> receive jp zone with AXFR/IXFR and respond to DNS requests as an
> authoritative server with DNSSEC (NSEC3 opt-out) supported. We found
> that BIND 10 includes NS and their glue records in response for DNSKEY
> query, while BIND 9 doesn't since BIND 9.6 (CHANGES 2427).

BIND 10 (currently) doesn't support any form of minimal-responses in
the first place.  Implementing it shouldn't be difficult.  It's just a
matter of the need and priority.  Out of curiosity, do you find that
feature of BIND 9 useful or important, or is this just a difference
you happen to notice?

> * Performance requirements
> BIND 10 1.0.0 satisfies query performance requirements as JP DNS server.
> It can respond to DNS queries with DO bit 30% more per second than BIND
> 9.

While maximizing response performance wouldn't be a no.1 priority of
b10-auth, I believe it's not very difficult to make it faster
especially with DNSSEC if we complete #2286, #2336, #2337 and #2288.
But I guess response performance is not a problem for you even with
BIND 9, so if b10-auth can run faster than that it wouldn't be that
important to try to make it even faster.

> We found that Xfrin fails to receive IXFR and fallback to AXFR while
> Xfrout is processing AXFR out. Sometimes it is required to do AXFR from
> DNS server to check the zone is consistent. It's good not to fail to
> receive IXFR, or at least not to fallback to AXFR while Xfrout is
> running.

This may be the trickiest one, and I agree we need to provide some
solution soonish.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.

More information about the bind10-dev mailing list