On 07. 02. 20 10:51, James Stevens wrote:
>> - You would be surprised how slow UDP packet processing in kernel can be ;-)
>
> Often UDP slowness is due to the fact that each packet requires a
> context-switch from kernel to user-space, and back for the reply.

To be less vague: Knot DNS spends about 40 % of time waiting for UDP handling in the kernel.

> So the bottleneck on a DNS server is generally how fast the CPU can context
> switch, and this often had a hardwired limit. In that you can top out the
> packet throughput with the CPU still showing %idle.
>
> I believe there is (or has been) a dev going on in the kernel to fix this.
>
> I might be behind the curve, I've not looked into it for a bit.
>
>> Algorithm 8 or 13 both seem like plausible targets, but opinions from the
>> community would be very welcome.
>
> I recently had to help a client make this exact same decision.
>
> We felt they'd probably want to move to 13 one day and one move is lower risk
> than two.
>
> It benefits from smaller UDP packets, big packets can become a problem (esp
> in v6), so we went for 13.
>
> Changing algorithm is not fun.

Maybe you do not use the right software :-) With the right automation it is just a matter of changing the alg. specification + DS change at parent. See https://www.knot-dns.cz/docs/2.9/singlehtml/#automatic-ksk-and-zsk-rollovers-example

(It works equally well for alg rollovers.)

Petr Špaček @ CZ.NIC
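
An added illustration of the setup the reply above points to, not part of the original message: a Knot DNS configuration sketch in which an algorithm rollover from 8 to 13 is started by editing one policy line. The zone name, identifiers, address and lifetime are placeholders assumed for the example.

```yaml
# Added example. All ids, the zone name and the address are placeholders.

remote:
    # A server authoritative for the parent zone (documentation address).
  - id: parent_ns
    address: 192.0.2.1@53

submission:
    # Knot queries the listed parent servers for the new DS record
    # and only then proceeds to retire the old key.
  - id: parent_ds_check
    parent: [parent_ns]

policy:
  - id: auto_rollover
    # Before the change this line read "algorithm: RSASHA256" (algorithm 8).
    # Editing it to algorithm 13 and reloading starts the algorithm rollover.
    algorithm: ECDSAP256SHA256
    ksk-lifetime: 365d
    ksk-submission: parent_ds_check

zone:
  - domain: example.com
    dnssec-signing: on
    dnssec-policy: auto_rollover
```

The DS record at the parent still has to be replaced by the operator or registrar; the submission check is what lets the server notice that change and finish the rollover.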