DNS zone query data

David L. Aldridge dlac at aldridge.com
Mon Jan 7 18:22:22 PST 2008


Kris
I may be able to help you. 
Call me tomorrow. 713-403-9150.  Or email me with questions. 
Dave
http://www.aldridge.com/


----- Original Message -----
From: owner-freebsd-performance at freebsd.org <owner-freebsd-performance at freebsd.org>
To: Kris Kennaway <kris at freebsd.org>
Cc: performance at freebsd.org <performance at freebsd.org>
Sent: Mon Jan 07 19:22:52 2008
Subject: Re: DNS zone query data

Hi, Kris--

On Jan 5, 2008, at 6:14 PM, Kris Kennaway wrote:
> Some months ago someone on this list offered to provide to me a data  
> set of DNS query data and the corresponding zone file for  
> benchmarking of BIND performance as an authoritative server.   
> Unfortunately I have lost the email and forgot who it was who made  
> the offer :)  If it was you, please contact me again privately as I  
> would like to proceed with this.


Was it this thread:

Begin forwarded message:
> From: Chuck Swiger <cswiger at mac.com>
> Date: June 4, 2007 1:21:51 PM PDT
> To: Kris Kennaway <kris at obsecurity.org>
> Cc: Doug Barton <dougb at FreeBSD.org>, freebsd-current at freebsd.org
> Subject: Re: HEADS UP: BIND 9.4.1 imported
> On Jun 2, 2007, at 7:27 PM, Kris Kennaway wrote:
>>> For the vast majority of users, this should be a noop. Please test,
>>> especially if you have a heavier loaded name server, and report any
>>> issues.
>>
>> Also I'll remark that we remain very interested in getting access to
>> either a busy nameserver or the data stream from one, in order to
>> profile FreeBSD kernel activity and look for places to optimize
>> performance.
>
> I've mentioned this before, but the dns/adns port provides some  
> handy utilities for putting a DNS server under high loads.
>
> Something like the following command will generate anywhere from 200  
> queries/sec to 1500+ queries/sec, depending on the IPs involved in  
> the logfile you use, and how rapidly the remote nameservers respond:
>
>  /usr/local/bin/adnslogres -c 500 < /var/log/httpd-access.log >! /var/log/httpd-access.log.dns
>
> -- 
> -Chuck

	-----

Begin forwarded message:
> From: Chuck Swiger <cswiger at mac.com>
> Date: June 14, 2007 4:53:01 PM PDT
> To: Kris Kennaway <kris at obsecurity.org>
> Cc: performance at FreeBSD.org, smp at FreeBSD.org, current at FreeBSD.org
> Subject: Re: BIND 9.4.1 performance on FreeBSD 6.2 vs. 7.0
>
> Hi, Kris--
>
> This was interesting, thanks for putting together the testing and  
> graphs.
>
> On Jun 14, 2007, at 1:48 AM, Kris Kennaway wrote:
>> I have been benchmarking BIND 9.4.1 recursive query performance on an
>> 8-core opteron, using the resperf utility (dns/dnsperf in ports).  The
>> query data set was taken from www.freebsd.org's httpd-access.log with
>> some of the highly aggressive robot IP addresses pruned out (to avoid
>> huge numbers of repeated queries against a small subset of addresses,
>> which would skew the results).
>
> It's at least arguable that doing queries against a data set  
> including a bunch of repeats is "skewed" in a more realistic  
> fashion. :-)  A quick look at some of the data sources I have handy  
> such as http access logs or Squid proxy logs suggests that (for  
> example) out of a database of 17+ million requests, there were only  
> 46000 unique IPs involved.
>
> You might find it interesting to compare doing queries against your  
> raw and filtered datasets, just to see what kind of difference you  
> get, if any.
>
>> Testing was done over a broadcom gigabit ethernet cable connected
>> back-to-back between two identical machines.  named was restarted in
>> between tests to flush the cache.
>
> What was the external network connectivity in terms of speed?  The  
> docs suggest you need something like a 16MBs up/8 Mbs down  
> connectivity in order to get up to 50K requests/sec....
>
> [ ... ]
>> It would be interesting to test BIND performance when acting as an
>> authoritative server, which probably has very different performance
>> characteristics; the difficulty there is getting access to a suitably
>> interesting and representative zone file and query data.
>
> I suppose you could also set up a test nameserver which claims to be  
> authoritative for all of in-addr.arpa, and set up a bunch (65K?) /16  
> reverse zone files, and then test against real unmodified IPs, but  
> it would be easier to do something like this:
>
> Set up a nameserver which is authoritative for 1.10.in-addr.arpa  
> (ie, the reverse zone for 10.1/16), and use a zonefile with the  
> $GENERATE directive to populate your PTR records:
>
> $TTL    86400
> $origin 1.10.in-addr.arpa.
>
> @       IN      SOA     localhost. hostmaster.localhost. (
>        1       ; serial (YYYYMMDD##)
>        3h      ; Refresh 3 hours
>        1h      ; Retry   1 hour
>        30d     ; Expire  30 days
>        1d )    ; Minimum 24 hours
>
> @       NS      localhost.
>
> $GENERATE 0-255 $.0 PTR ip-10-1-0-$.example.com.
> $GENERATE 0-255 $.1 PTR ip-10-1-1-$.example.org.
> $GENERATE 0-255 $.2 PTR ip-10-1-2-$.example.net.
> ; ...etc...
>
> ...and then feed it a query database consisting of PTR lookups.  If  
> you wanted to, you could take your existing IP database, and glue  
> the last two octets of the real IPs onto 10.1 to produce a  
> reasonable assortment of IPs to perform a reverse lookup upon.
>
> -- 
> -Chuck

_______________________________________________
freebsd-performance at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance
To unsubscribe, send any mail to "freebsd-performance-unsubscribe at freebsd.org"
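
The test setup described in the second forwarded message, as an added example that is not part of the original thread: it writes out the full set of $GENERATE lines for 10.1/16 and turns access-log client addresses into PTR queries by gluing their last two octets onto 10.1. Assumptions: the client address is the first field of each log line, the three example TLDs keep cycling past the lines shown, the output uses the one "name type" per line query file format read by dnsperf/resperf, and all function names are hypothetical.

```python
import ipaddress

ORIGIN = "1.10.in-addr.arpa."     # reverse zone for 10.1/16, as in the message
TLDS = ("com", "org", "net")      # assumption: keep cycling the three TLDs shown

# Constructed sample access-log lines (client address is the first field).
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jun/2007:01:48:00 -0700] "GET / HTTP/1.1" 200 512
198.51.100.200 - - [14/Jun/2007:01:48:01 -0700] "GET /ports/ HTTP/1.1" 200 90
203.0.113.7 - - [14/Jun/2007:01:48:02 -0700] "GET /doc/ HTTP/1.1" 200 77
2001:db8::1 - - [14/Jun/2007:01:48:03 -0700] "GET / HTTP/1.1" 200 512
not-an-address - - [14/Jun/2007:01:48:04 -0700] "GET / HTTP/1.1" 400 0
"""

def generate_lines():
    """One $GENERATE line per third octet, covering all of 10.1.0.0/16."""
    return [f"$GENERATE 0-255 $.{c} PTR ip-10-1-{c}-$.example.{TLDS[c % 3]}."
            for c in range(256)]

def ptr_queries(log_text, dedupe=False):
    """Map each IPv4 client to 10.1.c.d and return 'qname PTR' query lines."""
    out, seen = [], set()
    for line in log_text.splitlines():
        field = line.split(" ", 1)[0]
        try:
            addr = ipaddress.ip_address(field)
        except ValueError:
            continue                  # hostname or garbage in the client field
        if addr.version != 4:
            continue                  # only IPv4 maps onto the /16 reverse zone
        c, d = addr.packed[2], addr.packed[3]
        qname = f"{d}.{c}.{ORIGIN}"
        if dedupe and qname in seen:
            continue                  # filtered data set: one query per address
        seen.add(qname)
        out.append(f"{qname} PTR")
    return out

def expected_answer(qname):
    """PTR target the generated zone holds for qname, for spot-checking replies."""
    d, c = qname.split(".")[:2]
    return f"ip-10-1-{c}-{d}.example.{TLDS[int(c) % 3]}."

if __name__ == "__main__":
    print("\n".join(generate_lines()[:3]))
    print("\n".join(ptr_queries(SAMPLE_LOG)))
```

Leaving dedupe off keeps repeated clients in the query stream, and turning it on gives the filtered variant, so the two outputs can be used for the raw versus filtered comparison suggested in the message.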

