Bind performance

Bind performance

Mark Bucciarelli-2
I have seen some benchmarking stats on Bind [1] and NSD that
compare FreeBSD 6.1 to 4.11, and 4.11 kicks 6.1's ass and then
wipes up the floor with it.

I'm going to be putting a DNS server in production soon and was
planning to use FreeBSD, but now I'm wondering if OpenBSD would
be a better choice from purely a performance perspective.

I understand performance is secondary to security for this
project, but I am curious what the numbers are in this specific
case.

Does anyone have stats on Bind performance on OpenBSD?  (I saw
the fefe page--looks old.)

And when does performance really start to matter for a DNS
server?  Say I host 500 web sites and 500 email domains with
"average" traffic, for some value of average.  Is a limit of
15,000 DNS queries/second ever going to be a problem?  If not,
when could it become a problem?

It will be my first DNS server, so I don't have a gut feel for
this stuff yet.

Thanks,

m

[1] http://lists.freebsd.org/pipermail/freebsd-net/2006-September/011748.html


Re: Bind performance

franz-9
On 11/22/06, Mark Bucciarelli <[hidden email]> wrote:

> I understand performance is secondary to security for this
> project, but I am curious what the numbers are in this specific
> case.

For performance and security too, I suggest you try djbdns instead of bind:
http://cr.yp.to/djbdns.html

Regards,
-f


Re: Bind performance

Kyle Drake
I've had very good results with MaraDNS, been using it for at least two
years now with no problems.

Some highlights:

- Memory based, so it loads all the configuration settings on startup
  and then jails itself so it cannot write to the FS
- Small, and FAST - It's been benchmarked as faster than Bind (not hard)
  and djbdns
- Simple to configure - no more BIND howto
- Wildcards - *.domain.com, not a unique feature but I thought I'd point
  it out anyways.

If you're worried about having to restart the server to make changes
(the one caveat of this design),
then I wouldn't use it, but it's not that big of a deal for most scenarios.

http://www.maradns.org/


On 11/22/06, fRANz <[hidden email]> wrote:

>
> On 11/22/06, Mark Bucciarelli <[hidden email]> wrote:
>
> > I understand performance is secondary to security for this
> > project, but I am curious what the numbers are in this specific
> > case.
>
> For performance and security too, I suggest you try djbdns instead of
> bind:
> http://cr.yp.to/djbdns.html
>
> Regards,
> -f


Re: Bind performance

Stuart Henderson
In reply to this post by franz-9
On 2006/11/22 18:01, fRANz wrote:
> On 11/22/06, Mark Bucciarelli <[hidden email]> wrote:
>
> >I understand performance is secondary to security for this
> >project, but I am curious what the numbers are in this specific
> >case.
>
> For performance and security too, I suggest you try djbdns instead of bind:
> http://cr.yp.to/djbdns.html

there are good high-performance alternatives which are easier to
use nowadays. for one, nsd (as the OP already mentioned).


Re: Bind performance

Claudio Jeker
In reply to this post by Mark Bucciarelli-2
On Wed, Nov 22, 2006 at 10:43:42AM -0500, Mark Bucciarelli wrote:

> I have seen some benchmarking stats on Bind [1] and NSD that
> compare FreeBSD 6.1 to 4.11, and 4.11 kicks 6.1's ass and then
> wipes up the floor with it.
>
> I'm going to be putting a DNS server in production soon and was
> planning to use FreeBSD, but now I'm wondering if OpenBSD would
> be a better choice from purely a performance perspective.
>
> I understand performance is secondary to security for this
> project, but I am curious what the numbers are in this specific
> case.
>
> Does anyone have stats on Bind performance on OpenBSD?  (I saw
> the fefe page--looks old.)
>
> And when does performance really start to matter for a DNS
> server?  Say I host 500 web sites and 500 email domains with
> "average" traffic, for some value of average.  Is a limit of
> 15,000 DNS queries/second ever going to be a problem?  If not,
> when could it become a problem?
>
> It will be my first DNS server, so I don't have a gut feel for
> this stuff yet.
>

We are running NSD on an Intel Pentium III to serve as cctld (country top
level domain). The box is currently doing around 100 lookups per second
and I consider this a busy DNS box and the box is totally idle.

--
:wq Claudio


Re: Bind performance

Berk D. Demir
In reply to this post by Mark Bucciarelli-2
Mark Bucciarelli wrote:

> And when does performance really start to matter for a DNS
> server?  Say I host 500 web sites and 500 email domains with
> "average" traffic, for some value of average.  Is a limit of
> 15,000 DNS queries/second ever going to be a problem?  If not,
> when could it become a problem?

15.000 queries/sec seems a bit unrealistic to me.
I bet even with 15.000 packets/sec your ethernet cards will create an
interrupt storm and even pf won't be able to process packets because
kernel will be losing too much time handling the interrupts.

Some examples:

One of the five servers of a ccTLD answers roughly 200 queries per second.

One of the four recursive name servers for a big ISP answers 300
queries per second on expectational peak times. Normally 50 queries per
second.

These machines are not monsters. Many of them are small desktop model
Dell PCs with no more than 512MB RAM and old P3/P CPUs.

No need to look for another DNS server when you get one in the base.
BIND is time tested and you can find many best practices documents and
tutorials about it.


Re: Bind performance

Henning Brauer
* Berk D. Demir <[hidden email]> [2006-11-22 22:04]:

> Mark Bucciarelli wrote:
>
> >And when does performance really start to matter for a DNS
> >server?  Say I host 500 web sites and 500 email domains with
> >"average" traffic, for some value of average.  Is a limit of
> >15,000 DNS queries/second ever going to be a problem?  If not,
> >when could it become a problem?
>
> 15.000 queries/sec seems a bit unrealistic to me.
> I bet even with 15.000 packets/sec your ethernet cards will create an
> interrupt storm and even pf won't be able to process packets because
> kernel will be losing too much time handling the interrupts.

err... 15k pps is easily reachable
well, not on a soekris perhaps

--
Henning Brauer, [hidden email], [hidden email]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam


Re: Bind performance

Mark Bucciarelli-2
In reply to this post by Mark Bucciarelli-2
On Wed, Nov 22, 2006 at 11:00:17PM +0200, Berk D. Demir wrote:

> Mark Bucciarelli wrote:
>
> > And when does performance really start to matter for a DNS
> > server?  
>
> 15.000 queries/sec seems a bit unrealistic to me.  I bet even
> with 15.000 packets/sec your ethernet cards will create an
> interrupt storm and even pf won't be able to process packets
> because kernel will be losing too much time handling the
> interrupts.

In benchmarking stats/lies I quoted in original post, that's the
slowest they got (6.1 SMP w/ Bind).  With NSD it was 30,000 on
6.1 and 59,000 on 4.11.  The full chart compares FreeBSD 6.1,
4.11 and Linux 2.6 (SMP vs. UP).

In any case, it's obvious DNS performance is not something I need
to worry about.  

Thanks for the help!

m


Re: Bind performance

Berk D. Demir
In reply to this post by Henning Brauer
Henning Brauer wrote:
> err... 15k pps is easily reachable
> well, not on a soekris perhaps

I can't reach that value with a Dell OptiPlex GX280 w/ onboard bge(4)
MP kernel, net.inet.ip.ifq.maxlen=250, 4.0 or -current, doesn't matter.
Collision count increases monotonically. Stops forwarding packets, etc.
Switching to em(4) carries limit to ~25k to ~30k.


Re: Bind performance

Darrin Chandler
In reply to this post by Mark Bucciarelli-2
Mark Bucciarelli wrote:
> In any case, it's obvious DNS performance is not something I need
> to worry about.  

I think you are correct. You can also add more DNS servers at any point.
Simplistic (but sufficient) load balancing and redundancy are
trivially easy with DNS.

--
Darrin Chandler            |  Phoenix BSD Users Group
[hidden email]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |


Re: Bind performance

Matt Rowley
In reply to this post by Berk D. Demir
> I can't reach that value with a Dell OptiPlex GX280 w/ onboard bge(4)
> MP kernel, net.inet.ip.ifq.maxlen=250, 4.0 or -current, doesn't matter.
> Collision count increases monotonically. Stops forwarding packets, etc.
> Switching to em(4) carries limit to ~25k to ~30k.

consider trying to increase ifq.maxlen higher than that and see if it
helps.  It did for me.

--Matt