List Info

Thread: Re: DNS zone query data
Re: DNS zone query data
country flaguser name
United States		 2008-01-07 20:06:38 
Kris
I may be able to help you. 
Call me tomorrow. 713-403-9150.  Or email me with questions.

Dave
http://www.aldridge.com/



----- Original Message -----
From: owner-freebsd-performancefreebsd.org
<owner-freebsd-performancefreebsd.org>
To: Kris Kennaway <krisfreebsd.org>
Cc: performancefreebsd.org <performancefreebsd.org>
Sent: Mon Jan 07 19:22:52 2008
Subject: Re: DNS zone query data

Hi, Kris--

  Jan 5, 2008, at 6:14 PM, Kris Kennaway wrote:
> Some months ago someone on this list offered to provide
to me a data  
> set of DNS query data and the corresponding zone file
for  
> benchmarking of BIND performance as an authoritative
server.   
> Unfortunately I have lost the email and forgot who it
was who made  
> the offer   If it was
you, please contact me again privately as I  
> would like to proceed with this.


Was it this thread:

Begin forwarded message:
> From: Chuck Swiger <cswigermac.com>
> Date: June 4, 2007 1:21:51 PM PDT
> To: Kris Kennaway <krisobsecurity.org>
> Cc: Doug Barton <dougbFreeBSD.org>,
freebsd-currentfreebsd.org
> Subject: Re: HEADS UP: BIND 9.4.1 imported
> On Jun 2, 2007, at 7:27 PM, Kris Kennaway wrote:
>>> For the vast majority of users, this should be
a noop. Please test,
>>> especially if you have a heavier loaded name
server, and report any
>>> issues.
>>
>> Also I'll remark that we remain very interested in
getting access to
>> either a busy nameserver or the data stream from
one, in order to
>> profile FreeBSD kernel activity and look for places
to optimize
>> performance.
>
> I've mentioned this before, but the dns/adns port
provides some  
> handy utilities for putting a DNS server under high
loads.
>
> Something like the following command will generate
anywhere from 200  
> queries/sec to 1500+ queries/sec, depending on the IPs
involved in  
> the logfile you use, and how rapidly the remote
nameservers respond:
>
>  /usr/local/bin/adnslogres -c 500 <
/var/log/httpd-access.log >! / 
> var/log/httpd-access.log.dns
>
> -- 
> -Chuck

	-----

Begin forwarded message:
> From: Chuck Swiger <cswigermac.com>
> Date: June 14, 2007 4:53:01 PM PDT
> To: Kris Kennaway <krisobsecurity.org>
> Cc: performanceFreeBSD.org, smpFreeBSD.org, currentFreeBSD.org
> Subject: Re: BIND 9.4.1 performance on FreeBSD 6.2 vs.
7.0
>
> Hi, Kris--
>
> This was interesting, thanks for putting together the
testing and  
> graphs.
>
> On Jun 14, 2007, at 1:48 AM, Kris Kennaway wrote:
>> I have been benchmarking BIND 9.4.1 recursive query
performance on an
>> 8-core opteron, using the resperf utility
(dns/dnsperf in ports).   
>> The
>> query data set was taken from www.freebsd.org's
httpd-access.log with
>> some of the highly aggressive robot IP addresses
pruned out (to avoid
>> huge numbers of repeated queries against a small
subset of addresses,
>> which would skew the results).
>
> It's at least arguable that doing queries against a
data set  
> including a bunch of repeats is "skewed" in a
more realistic  
> fashion.   A quick
look at some of the data sources I have handy  
> such as http access logs or Squid proxy logs suggests
that (for  
> example) out of a database of 17+ million requests,
there were only  
> 46000 unique IPs involved.
>
> You might find it interesting to compare doing queries
against your  
> raw and filtered datasets, just to see what kind of
difference you  
> get, if any.
>
>> Testing was done over a broadcom gigabit ethernet
cable connected
>> back-to-back between two identical machines.  named
was restarted in
>> between tests to flush the cache.
>
> What was the external network connectivity in terms of
speed?  The  
> docs suggest you need something like a 16MBs up/8 Mbs
down  
> connectivity in order to get up to 50K
requests/sec....
>
> [ ... ]
>> It would be interesting to test BIND performance
when acting as an
>> authoritative server, which probably has very
different performance
>> characteristics; the difficulty there is getting
access to a suitably
>> interesting and representative zone file and query
data.
>
> I suppose you could also set up a test nameserver which
claims to be  
> authoritative for all of in-addr.arpa, and set up a
bunch (65K?) /16  
> reverse zone files, and then test against real
unmodified IPs, but  
> it would be easier to do something like this:
>
> Set up a nameserver which is authoritative for
1.10.in-addr.arpa  
> (ie, the reverse zone for 10.1/16), and use a zonefile
with the  
> $GENERATE directive to populate your PTR records:
>
> $TTL    86400
> $origin 1.10.in-addr.arpa.
>
>        IN      SOA     localhost.
hostmaster.localhost. (
>        1       ; serial (YYYYMMDD##)
>        3h      ; Refresh 3 hours
>        1h      ; Retry   1 hour
>        30d     ; Expire  30 days
>        1d )    ; Minimum 24 hours
>
>        NS      localhost.
>
> $GENERATE 0-255 $.0 PTR ip-10-1-0-$.example.com.
> $GENERATE 0-255 $.1 PTR ip-10-1-1-$.example.org.
> $GENERATE 0-255 $.2 PTR ip-10-1-2-$.example.net.
> ; ...etc...
>
> ...and then feed it a query database consisting of PTR
lookups.  If  
> you wanted to, you could take your existing IP
database, and glue  
> the last two octets of the real IPs onto 10.1 to
produce a  
> reasonable assortment of IPs to perform a reverse
lookup upon.
>
> -- 
> -Chuck

_______________________________________________
freebsd-performancefreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-p
erformance
To unsubscribe, send any mail to
"freebsd-performance-unsubscribefreebsd.org"
_______________________________________________
freebsd-performancefreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-p
erformance
To unsubscribe, send any mail to
"freebsd-performance-unsubscribefreebsd.org"
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )