Performance Test Metrics for dns server performance.
Brad Knowles
brad.knowles at skynet.be
Fri May 4 23:31:20 UTC 2001
At 2:57 PM -0600 5/4/01, Matt Simerson wrote:
> I'm building an enterprise dns solution. This solution will need to pass a
> QA performance evaluation. Our QA lab doesn't have anything well defined for
> how to test so I need to define a set of test metrics. The things we'll be
> testing is running BIND 8 and djbdns on three platforms and comparing
> security, performance, and reliability.
In Message-Id <200104041440.IAA27131 at llama.swcp.com>, Bill Larson
<wllarso at swcp.com> mentions tools like the Perl script known as
"mresolv2", written by Mark Fuhr (of the Perl Net::DNS module fame)
and available at <http://www.fuhr.org/~mfuhr/perldns/>.
There is also the "netperf" tool developed by Rick Jones at HP
(see
<ftp://ftp.cup.hp.com/dist/networking/briefs/named_performance.txt>
for more information).
> I've spend the last couple days spending a lot of time scouring the net for
> methodologies for testing dns server performance. From all that I've settled
> on what I think is a pretty reliable set of test metrics. Dnsfilter seems to
> be the only tool out there that is designed kick a name server in jaw so
> I've given it a first go round. For now the focus is on performance so I
> figure three seperate tests would be appropriate:
I strongly suggest that you read the various DNS & BIND related
articles that Rick Jones has made available at
<ftp://ftp.cup.hp.com/dist/networking/briefs/>. After reading these
articles, you should have a much better idea of how to really stress
test your nameservers.
That said, I would encourage you to also look at things like
IPv6, DNSSEC, running the servers in a chroot() environment, etc....
If you do other searches in the archives for this list, you will
find some comments that I have made regarding djbdns and dnscache. I
won't repeat them here, but suffice it to say that I do not believe
that these programs are suitable for use in a production network, due
to their lack of support for certain features, aspects of the
protocol, etc....
That said, you obviously have to make up your own mind with
regards to these issues.
> BIND 8.2.3-REL - 6-8MB - 90,112 requests
> 1,000 1144 18,966 5,203 47,638
> 10,000 1157 14,299 4,899 54,236
> 100,000 1200 12,771 5,185 56,575
If you look at
<ftp://ftp.cup.hp.com/dist/networking/briefs/dns_server_results.txt >,
you will note that Rick Jones was able to get over twelve thousand
queries per second handled by BIND 8.2.2-P15, and never saw less than
3500 queries per second with a stock implementation of BIND on an HP
L2000 with one 440Mhz processor.
This seems to me to be a much, much, much higher query rate per
second than you saw (~10.6425 to ~16.5 per second?!?), and I don't
understand why. If you were to see the kinds of rates Rick was able
to achieve, you should have had 90,000 queries answered in about 7.5
seconds. Perhaps if you read the paper yourself (and the others in
the same directory), you can figure out why you saw such low query
rates.
> Again, these are intitial tests, designed only to evaluate test
> methodologies and to determine an accurate way to measure DNS server
> performance. Does this sound like a reasonable way to test? Is there a
> better way? Any suggestions or comments are welcome.
I would also suggest that you be working with the latest release
candidate for BIND 9.1.2 (currently at RC1) instead of BIND 8.2.3, or
at the very least the latest release candidate for BIND 8.2.4
(currently at T1B).
Of course, version 9 is the future of BIND, and if you are going
to be using BIND, it would probably be in your best interest to work
with it instead of the previous version, which is basically EOL.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
More information about the bind-users
mailing list