DNS zone query data
David L. Aldridge
dlac at aldridge.com
Mon Jan 7 18:22:22 PST 2008
Kris
I may be able to help you.
Call me tomorrow. 713-403-9150. Or email me with questions.
Dave
http://www.aldridge.com/
----- Original Message -----
From: owner-freebsd-performance at freebsd.org <owner-freebsd-performance at freebsd.org>
To: Kris Kennaway <kris at freebsd.org>
Cc: performance at freebsd.org <performance at freebsd.org>
Sent: Mon Jan 07 19:22:52 2008
Subject: Re: DNS zone query data
Hi, Kris--
On Jan 5, 2008, at 6:14 PM, Kris Kennaway wrote:
> Some months ago someone on this list offered to provide to me a data
> set of DNS query data and the corresponding zone file for
> benchmarking of BIND performance as an authoritative server.
> Unfortunately I have lost the email and forgot who it was who made
> the offer :) If it was you, please contact me again privately as I
> would like to proceed with this.
Was it this thread:
Begin forwarded message:
> From: Chuck Swiger <cswiger at mac.com>
> Date: June 4, 2007 1:21:51 PM PDT
> To: Kris Kennaway <kris at obsecurity.org>
> Cc: Doug Barton <dougb at FreeBSD.org>, freebsd-current at freebsd.org
> Subject: Re: HEADS UP: BIND 9.4.1 imported
> On Jun 2, 2007, at 7:27 PM, Kris Kennaway wrote:
>>> For the vast majority of users, this should be a noop. Please test,
>>> especially if you have a heavier loaded name server, and report any
>>> issues.
>>
>> Also I'll remark that we remain very interested in getting access to
>> either a busy nameserver or the data stream from one, in order to
>> profile FreeBSD kernel activity and look for places to optimize
>> performance.
>
> I've mentioned this before, but the dns/adns port provides some
> handy utilities for putting a DNS server under high loads.
>
> Something like the following command will generate anywhere from 200
> queries/sec to 1500+ queries/sec, depending on the IPs involved in
> the logfile you use, and how rapidly the remote nameservers respond:
>
> /usr/local/bin/adnslogres -c 500 < /var/log/httpd-access.log >! /var/log/httpd-access.log.dns
>
> --
> -Chuck
-----
Begin forwarded message:
> From: Chuck Swiger <cswiger at mac.com>
> Date: June 14, 2007 4:53:01 PM PDT
> To: Kris Kennaway <kris at obsecurity.org>
> Cc: performance at FreeBSD.org, smp at FreeBSD.org, current at FreeBSD.org
> Subject: Re: BIND 9.4.1 performance on FreeBSD 6.2 vs. 7.0
>
> Hi, Kris--
>
> This was interesting, thanks for putting together the testing and
> graphs.
>
> On Jun 14, 2007, at 1:48 AM, Kris Kennaway wrote:
>> I have been benchmarking BIND 9.4.1 recursive query performance on an
>> 8-core opteron, using the resperf utility (dns/dnsperf in ports). The
>> query data set was taken from www.freebsd.org's httpd-access.log with
>> some of the highly aggressive robot IP addresses pruned out (to avoid
>> huge numbers of repeated queries against a small subset of addresses,
>> which would skew the results).
>
> It's at least arguable that doing queries against a data set
> including a bunch of repeats is "skewed" in a more realistic
> fashion. :-) A quick look at some of the data sources I have handy
> such as http access logs or Squid proxy logs suggests that (for
> example) out of a database of 17+ million requests, there were only
> 46000 unique IPs involved.
>
> You might find it interesting to compare doing queries against your
> raw and filtered datasets, just to see what kind of difference you
> get, if any.
>
>> Testing was done over a broadcom gigabit ethernet cable connected
>> back-to-back between two identical machines. named was restarted in
>> between tests to flush the cache.
>
> What was the external network connectivity in terms of speed? The
> docs suggest you need something like a 16MBs up/8 Mbs down
> connectivity in order to get up to 50K requests/sec....
>
> [ ... ]
>> It would be interesting to test BIND performance when acting as an
>> authoritative server, which probably has very different performance
>> characteristics; the difficulty there is getting access to a suitably
>> interesting and representative zone file and query data.
>
> I suppose you could also set up a test nameserver which claims to be
> authoritative for all of in-addr.arpa, and set up a bunch (65K?) /16
> reverse zone files, and then test against real unmodified IPs, but
> it would be easier to do something like this:
>
> Set up a nameserver which is authoritative for 1.10.in-addr.arpa
> (ie, the reverse zone for 10.1/16), and use a zonefile with the
> $GENERATE directive to populate your PTR records:
>
> $TTL 86400
> $origin 1.10.in-addr.arpa.
>
> @ IN SOA localhost. hostmaster.localhost. (
>         1       ; serial (YYYYMMDD##)
>         3h      ; Refresh 3 hours
>         1h      ; Retry 1 hour
>         30d     ; Expire 30 days
>         1d )    ; Minimum 24 hours
>
> @ NS localhost.
>
> $GENERATE 0-255 $.0 PTR ip-10-1-0-$.example.com.
> $GENERATE 0-255 $.1 PTR ip-10-1-1-$.example.org.
> $GENERATE 0-255 $.2 PTR ip-10-1-2-$.example.net.
> ; ...etc...
>
> ...and then feed it a query database consisting of PTR lookups. If
> you wanted to, you could take your existing IP database, and glue
> the last two octets of the real IPs onto 10.1 to produce a
> reasonable assortment of IPs to perform a reverse lookup upon.
>
> --
> -Chuck
_______________________________________________
freebsd-performance at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance
To unsubscribe, send any mail to "freebsd-performance-unsubscribe at freebsd.org"
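
Added example, not part of the thread or of any poster's code: one way to build the PTR query file suggested in the forwarded message, gluing the last two octets of each logged client IP onto 10.1 and writing the "name type" lines that dnsperf/resperf read. The function names, the sample log lines, and the assumption that the client address is the first field of each log line are all constructed for illustration.

```python
import ipaddress

# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [14/Jun/2007:01:48:00 -0700] "GET / HTTP/1.1" 200 512
203.0.113.200 - - [14/Jun/2007:01:48:01 -0700] "GET /a HTTP/1.1" 200 99
198.51.100.7 - - [14/Jun/2007:01:48:02 -0700] "GET /b HTTP/1.1" 304 0
not-an-ip - - [14/Jun/2007:01:48:03 -0700] "GET /c HTTP/1.1" 200 10
2001:db8::1 - - [14/Jun/2007:01:48:04 -0700] "GET /d HTTP/1.1" 200 10
"""

def client_ipv4(line):
    """Return the leading field as an IPv4Address, or None if it is not one."""
    fields = line.split()
    if not fields:
        return None
    try:
        addr = ipaddress.ip_address(fields[0])
    except ValueError:
        return None  # hostname or garbage in the client field
    return addr if addr.version == 4 else None  # IPv6 cannot map into 10.1/16

def ptr_name(addr):
    """Glue the last two octets onto 10.1 and return the reverse-lookup name."""
    third, fourth = addr.packed[2], addr.packed[3]
    return f"{fourth}.{third}.1.10.in-addr.arpa"

def build_queries(log_text, unique=False):
    """Return query-file lines ("name type") in log order.

    unique=False keeps repeats (raw data set); unique=True drops them (filtered)."""
    seen, out = set(), []
    for line in log_text.splitlines():
        addr = client_ipv4(line)
        if addr is None:
            continue
        name = ptr_name(addr)
        if unique and name in seen:
            continue
        seen.add(name)
        out.append(f"{name} PTR")
    return out

def third_octets_needed(queries):
    """Third octets that need a $GENERATE line in the zone, else lookups miss."""
    return sorted({int(q.split(".")[1]) for q in queries})

if __name__ == "__main__":
    print("\n".join(build_queries(SAMPLE_LOG)))
```

Running both `unique=False` and `unique=True` over the same log gives the raw and filtered data sets the thread suggests comparing; `third_octets_needed` shows which `$GENERATE` lines the test zone must contain for every query to get an answer.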