Hi,
I've been doing some throughput testing of BIND for both signed and non-signed
zones of various sizes and have noticed some odd behaviour.
Using the 'dnsperf' tool to perform the testing, I see that smaller (signed)
zones perform considerably worse than larger zones when queried with +DO.
I'm using 10 data points, but will only show 4 here as they indicate the
extremes. The number is of unsigned delegations before signing, with 0.05% DS
records. The zones were signed with NSEC3/OptOut, 10 iteration salt.
All tests were performed from the same number of client machines against the
same name server using the same signed zones.
No. of RRs | -DO | +DO
1,000 | 244,525 13.29% | 126,644 22.79%
1,000,000 | 242,601 13.39% | 125,973 22.88%
3,700,000 | 243,023 13.36% | 239,417 13.54%
20,000,000 | 240,740 13.48% | 238,346 13.60%
As can be seen, the -DO query rates are fairly stable across the different zone
sizes (the %'s are failed queries, expected given the number of test clients).
The +DO query rates however for the smaller zones is almost half the throughput
of the larger zones.
This behaviour is the inverse of what I'd expect. I was wondering if anybody
knew of any known issue to this effect.
The following are my dnsperf command lines:
# dnsperf -f inet -s x.x.x.x -d <zone-size>.list -c 400 -l 60 -t 0.5 -q 500
# dnsperf -f inet -s x.x.x.x -d <zone-size>.list -c 400 -l 60 -t 0.5 -q 500 -D
With the thought that I was overloading the server, I tried less clients, less
'-q', but the number stays fairly consistent around the 120K/s mark (even when
the failures drop down to below 1%).
I'm currently using the RedHat maintained 9.8 series of BIND. If there is no
known issue, I'll have to come up with some other way for maintaining
up-to-date builds on our systems.
Thanks for reading this far. ;)
Odds and Ends:
- Yes, tests were performed over a public network; repeated tests show this
wasn't the cause
- Network was at least 1Gbit between test sites
- Configured as an auth-only server (recursion no). The rest of configuration
available on request.
Stuart J. Browne
Senior Unix Administrator, Network Administrator, Database Administrator
AusRegistry Pty Ltd
Level 8, 10 Queens Road
Melbourne. Victoria. Australia. 3004.
Ph: +61 3 9866 3710
Fax: +61 3 9866 1970
Email: stuart.bro...@ausregistry.com.au
Web: www.ausregistry.com.au
The information contained in this communication is intended for the named
recipients only. It is subject to copyright and may contain privileged and/or
confidential information. If you are not an intended recipient you must not
use, copy, distribute or take any action in reliance on it. If you have
received this communication in error, please delete all copies from your system
and notify us immediately.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
