how to do a test with heavy load?

Jim Reid jim at rfc1035.com
Sun Sep 5 23:20:39 UTC 2004


>>>>> "Marten" == Marten Lehmann <lehmann at cnm.de> writes:

    Marten> Hello, sometimes strange DNS-errors occur in my system of
    Marten> firewalled webservers and firewalled
    Marten> caching-nameservers. For example: A webserver needs to
    Marten> lookup a domain name for a mysql-server and gets a "host
    Marten> not found".  Some minutes later, everything works fine
    Marten> again. Same for mailservers.  Our caching nameservers are
    Marten> running with query-source * 53. Is it possible that this
    Marten> is a bottleneck? 

No. The port number used for making queries can have no bearing
whatsoever on a name server's throughput.

However you may have a broken firewall that either drops DNS traffic
when the packet rates get "too high" or insists DNS queries use a
specific port number or range. If that's the case, fix it.

    Marten> Could bind resolve queries more reliably if it can use
    Marten> random ports for every query? 

No. See above.

If anything, randomising the port number for each query will actually
make things less reliable. Using a random port for each query will
*reduce* throughput. The name server would have to create a socket and
bind it to some port number before the server could use it to send a
query. Plus yet another system call to discard the socket after the
query was over. And for high query loads, it's not just the overheads
of an extra 2-3 system calls per query with a randomised port number.
The OS maintains a list of protocol control blocks (PCBs), one per
active socket. As the number of sockets in use increases, the OS has to
do more work to manage its list of PCBs. There's also a real risk that
the name server will run out of file descriptors (sockets) by having
randomised port numbers for each query. Randomising the port number
for queries can also annoy stateful firewalls that keep track of the
port number of an outbound query so that only the answer to that query
is allowed back in. Too many port numbers being used for outbound DNS
queries at once may well exceed the capacity or configuration limits
of such firewalls.

    Marten> How can I run a test under heavy load to reproduce this behaviour?

Try playing with queryperf. It's in BIND9's contrib tree.
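
An added example, not part of the original message: a loopback sketch that makes the socket and firewall-state cost discussed above countable, by keeping the same number of queries outstanding through one fixed socket and then through one socket per query. The stub server, the function names and the query name www.example.com are constructed for illustration.

```python
import socket
import struct
import threading

def build_query(qid, name="www.example.com"):
    """Minimal DNS query: header with RD set, one A/IN question."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def udp_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))   # port 0: the OS picks the source port
    s.settimeout(5)
    return s

def stub_server(sock, ports, count):
    """Constructed stand-in for a remote name server: records each
    query's source port and echoes it back with response flags set."""
    for _ in range(count):
        data, addr = sock.recvfrom(512)
        ports.add(addr[1])
        sock.sendto(data[:2] + b"\x81\x80" + data[4:], addr)

def outstanding_queries(n, per_query_socket):
    """Keep n queries in flight at once; return (sockets opened,
    distinct source ports seen by the server, replies matched by ID)."""
    stub, ports = udp_socket(), set()
    worker = threading.Thread(target=stub_server, args=(stub, ports, n))
    worker.start()
    socks = [udp_socket() for _ in range(n if per_query_socket else 1)]
    for qid in range(n):
        socks[qid % len(socks)].sendto(build_query(qid), stub.getsockname())
    matched = 0
    for qid in range(n):
        reply = socks[qid % len(socks)].recv(512)
        got = struct.unpack("!H", reply[:2])[0]
        matched += (got == qid) if per_query_socket else (0 <= got < n)
    worker.join()
    for s in socks + [stub]:
        s.close()
    return len(socks), len(ports), matched

if __name__ == "__main__":
    for mode in (False, True):
        print("per-query socket" if mode else "single socket",
              outstanding_queries(64, mode))
```

The second number in each result is the count of distinct source ports, which is the number of separate flows a stateful firewall on the path would have to track for the same query load.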

