Nameserver performance (was: Re: Bind 9.1.3 stop resolving but is still running.)

Brad Knowles brad.knowles at skynet.be
Sun Sep 9 21:39:31 UTC 2001 

At 11:15 PM +0200 9/9/01, Brad Knowles wrote:

>  	Okay, so this is a completely and totally unscientific test.  No
>  one anywhere is going to argue with that statement.  But I still find
>  it very interesting that by *far* the fastest nameserver for the
>  tinydns.org domain is one that is running BIND 8, and moreover is a
>  public recursive/caching nameserver to boot.

	As an interesting aside, it appears that NS.CRYNWR.COM is not 
behind any kind of a firewall:

% nmap -sT -F -P0 NS.CRYNWR.COM.
The TCP connect scan took 36 seconds to scan 1062 ports.
Interesting ports on ns.crynwr.com (192.203.178.2):
(The 1051 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
37/tcp     open        time
53/tcp     open        domain
79/tcp     open        finger
110/tcp    open        pop-3
113/tcp    open        auth
209/tcp    open        tam
515/tcp    open        printer

Final times for host: srtt: 1567595 rttvar: 121306  to: 2052819
Nmap run completed -- 1 IP address (1 host up) scanned in 36 seconds

	Whereas ANGEL.HEAVEN.NET does:

% nmap -sT -F -P0 ANGEL.HEAVEN.NET.
The TCP connect scan took 383 seconds to scan 1062 ports.
Interesting ports on angel.heaven.net (198.69.28.2):
(The 1061 ports scanned but not shown below are in state: filtered)
Port       State       Service
53/tcp     open        domain

Final times for host: srtt: 27560 rttvar: 27560  to: 300000
Nmap run completed -- 1 IP address (1 host up) scanned in 384 seconds


	Now, it would seem to me that the firewalling would be likely to 
increase the latency of answering the DNS queries, and if it's being 
done on the nameserver itself, significantly increase the load on the 
machine.  Yet, the machine that is firewalled is the one that has 
apparently been the considerably faster of the two machines.

	Interesting.  Very interesting.  I have no idea what it means, 
but it's very interesting anyway.

-- 
Brad Knowles, <brad.knowles at skynet.be>

H4sICIFgXzsCA2RtYS1zaWcAPVHLbsMwDDvXX0H0kkvbfxiwVw8FCmzAzqqj1F4dy7CdBfn7
Kc6wmyGRFEnvvxiWQoCvqI7RSWTcfGXQNqCUAnfIU+AT8OZ/GCNjRVlH0bKpguJkxiITZqes
MxwpSucyDJzXxQEUe/ihgXqJXUXwD9ajB6NHonLmNrUSK9nacHQnH097szO74xFXqtlbT3il
wMsBz5cnfCR5cEmci0Rj9u/jqBbPeES1I4PeFBXPUIT1XDSOuutFXylzrQvGyboWstCoQZyP
dxX4dLx0eauFe1x9puhoi0Ao1omEJo+BZ6XLVNaVpWiKekxN0VK2VMpmAy+Bk7ZV4SO+p1L/
uErNRS/qH2iFU+iNOtbcmVt9N16lfF7tLv9FXNj8AiyNcOi1AQAA

More information about the bind-users mailing list