Throughput drop using smaller zones

Thu Feb 28 04:48:11 UTC 2013

Hi,

I've been doing some throughput testing of BIND for both signed and non-signed zones of various sizes and have noticed some odd behaviour.

Using the 'dnsperf' tool to perform the testing, I see that smaller (signed) zones perform considerably worse than larger zones when queried with +DO.

I'm using 10 data points, but will only show 4 here as they indicate the extremes.  The number is of unsigned delegations before signing, with 0.05% DS records.  The zones were signed with NSEC3/OptOut, 10 iteration salt.

All tests were performed from the same number of client machines against the same name server using the same signed zones.

No. of RRs |       -DO      |       +DO	
     1,000 | 244,525 13.29% | 126,644 22.79%
 1,000,000 | 242,601 13.39% | 125,973 22.88%
 3,700,000 | 243,023 13.36% | 239,417 13.54%
20,000,000 | 240,740 13.48% | 238,346 13.60%

As can be seen, the -DO query rates are fairly stable across the different zone sizes (the %'s are failed queries, expected given the number of test clients).  The +DO query rates however for the smaller zones is almost half the throughput of the larger zones.

This behaviour is the inverse of what I'd expect.  I was wondering if anybody knew of any known issue to this effect.

The following are my dnsperf command lines:
# dnsperf -f inet -s x.x.x.x -d <zone-size>.list -c 400 -l 60 -t 0.5 -q 500
# dnsperf -f inet -s x.x.x.x -d <zone-size>.list -c 400 -l 60 -t 0.5 -q 500 -D

With the thought that I was overloading the server, I tried less clients, less '-q', but the number stays fairly consistent around the 120K/s mark (even when the failures drop down to below 1%).

I'm currently using the RedHat maintained 9.8 series of BIND.  If there is no known issue, I'll have to come up with some other way for maintaining up-to-date builds on our systems.

Thanks for reading this far. ;)

Odds and Ends:
- Yes, tests were performed over a public network; repeated tests show this wasn't the cause
- Network was at least 1Gbit between test sites
- Configured as an auth-only server (recursion no).  The rest of configuration available on request.

Stuart J. Browne
Senior Unix Administrator, Network Administrator, Database Administrator
AusRegistry Pty Ltd
Level 8, 10 Queens Road
Melbourne. Victoria. Australia. 3004.
Ph:  +61 3 9866 3710
Fax: +61 3 9866 1970
Email: stuart.browne at ausregistry.com.au
Web: www.ausregistry.com.au

The information contained in this communication is intended for the named recipients only. It is subject to copyright and may contain privileged and/or confidential information. If you are not an intended recipient you must not use, copy, distribute or take any action in reliance on it. If you have received this communication in error, please delete all copies from your system and notify us immediately.