DNS Dynamic Update Performance Study 2014.10.10.


The Purpose
- Dynamic update and XFR are the key approaches to zone data replication and synchronization; studying their performance limits is meaningful for estimating the efficiency of the whole DNS system.
- Provide operational practice to DNS operators.
- Provide improvements to the DNS standard and software implementations.

Test Method
Data flow: Primary master -> master -> slave
- Generate the root zone file and record the initial SOA serial number s0.
- Record the current time t0 and start sending n update requests to the primary master without waiting for the ACK from the server. Each request adds one new TLD, which includes one NS and one related glue.
- At the same time, without waiting for sending to finish, keep querying all three servers and record the time when the SOA serial of the respective server reaches s0 + n; record the final time t1.
- For each server the UPS (update per second) is (t1 – t0)/n
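An added example, not part of the original slides: the wire format of one such update request (RFC 2136 UPDATE for the root zone, adding one TLD with one NS and one glue A record), plus the completion check on the SOA serial. The names `tld1.` and `ns.tld1.`, the address 192.0.2.1 and the TTL are constructed sample values; the 32-bit serial wrap handling (RFC 1982) goes beyond what the slide states, and the rate is computed here as n divided by elapsed seconds. Nothing is sent on the network.

```python
import socket
import struct

OPCODE_UPDATE = 5                                 # RFC 2136 opcode
TYPE_A, TYPE_NS, TYPE_SOA, CLASS_IN = 1, 2, 6, 1


def encode_name(name):
    """Uncompressed wire-format domain name; "." encodes as the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError("label longer than 63 octets")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def rr(name, rtype, ttl, rdata):
    """One resource record for the Update section (zone class means 'add')."""
    return (encode_name(name)
            + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata)


def build_add_tld(msg_id, tld, ns_host, glue_ip, ttl=172800):
    """UPDATE for the root zone adding one TLD: one NS plus its glue A."""
    # Header: ID, flags (opcode in bits 11-14), ZOCOUNT=1, PRCOUNT=0,
    # UPCOUNT=2, ADCOUNT=0.
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 2, 0)
    zone = encode_name(".") + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    updates = (rr(tld, TYPE_NS, ttl, encode_name(ns_host))
               + rr(ns_host, TYPE_A, ttl, socket.inet_aton(glue_ip)))
    return header + zone + updates


def serial_reached(current, s0, n):
    """True once `current` is at or past s0 + n (RFC 1982, 32-bit wrap)."""
    target = (s0 + n) & 0xFFFFFFFF
    return ((current - target) & 0xFFFFFFFF) < 0x80000000


def updates_per_second(n, t0, t1):
    """Assumption of this example: rate = updates / elapsed seconds."""
    return n / (t1 - t0)


if __name__ == "__main__":
    msg = build_add_tld(1, "tld1.", "ns.tld1.", "192.0.2.1")  # constructed
    print(len(msg), msg.hex())
    print(serial_reached(2014101010, 2014101000, 10))
```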

Factors that may affect the performance
- Zone size
- Query pressure on the slave node
- DNSSEC (not only affects the zone size, but also complicates the update process)
- Hard drive write performance

Test Environment
- Network topology
- Hardware configuration
- OS/DNS software

Network Topology

Hardware Configuration
Controller:
- OS: CentOS 6.4 x86_64
- CPU: Intel(R) Xeon(R) CPU E v2 1.80GHz
- Memory: DDR G
- Hard drive: ST500DM002-1BD M
Primary master/master/slave:
- OS: CentOS 6.4 x86_64/FreeBSD 10.0 x86_64
- CPU: Intel Xeon E3-1220v2 3.1GHz 4 cores 4 threads
- Memory: DDR ECC 32G
- Hard drive: ST500DM002-1BD M

DNS Software
- Primary master: BIND (9.9.5)
- Master: BIND (9.9.5)
- Slave: BIND (9.9.5), NSD (3.2.18), KNOT (1.5.1)

UPS VS TLD Count(without DNSSEC)

UPS VS TLD Count(with DNSSEC)

UPS vs QPS on Slave Node

Performance Analysis
For the primary master, the update procedure is:
- Generate the difference (update validation)
- Apply the diff to the memory DB
- Write to the journal file
- Mark the zone as dirty and later synchronize the memory data with the zone file
- Notify other name servers
The bottleneck is the hard drive write:
- To make all modifications persistent, BIND makes sure the journal file is written to disk, using fsync.

Is it better with SSD?

Hardware Configuration
Primary Master (mac pro):
- OS: OS X
- CPU: 2.4 GHz Intel Core i5
- Memory: 8 GB 1600 MHz DDR3
- Hard drive: APPLE SSD SD0256F Media
Slave (mac air):
- OS: OS X
- CPU: 2.7 GHz Intel Core i5
- Memory: 4 GB 1600 MHz DDR3
- Hard drive: APPLE SSD SD0256F Media

UPS VS TLD Count(without DNSSEC)

UPS VS TLD Count(with DNSSEC)

UPS VS QPS (UDP/DO)

Persistent DB vs Memory DB
- Like the root server system, most distributed DNS systems store RRs in a relational DB and use the DNS server to provide query and zone synchronization service.
- To improve performance, BIND is modified so that it neither generates the journal file nor synchronizes the zone file with the memory DB.
- The following test results are based on the first test environment, with the modified BIND running on the primary master.

UPS vs TLD Count(without DNSSEC)

UPS vs TLD Count(with DNSSEC)

UPS vs QPS (UDP/DO)

Conclusion
- Updating one zone is sequential, so multiple cores won't help.
- Without the persistence guarantee, dynamic update itself is quite efficient.
- DNSSEC decreases performance by 50%.
- For each hierarchy level, performance drops by 20~30%.
- If memory is sufficient, zone size has little impact on update performance.
- UDP query pressure also has little impact, mainly because computation resources and file descriptor resources are sufficient.
- For the slave node, under update pressure, if KNOT receives an IXFR exceeding 1024 serial number changes, it falls back to AXFR, which causes more transfer time and zone file synchronization time. This is why it is slower than NSD at some points; the bigger the zone size, the slower the transfer.

What's next
- The effect of hierarchy depth has been tested; the width of the hierarchy is another important factor in performance. With more resources, that test will be performed in the near future.
- The testing was done on a LAN; when transferring across a WAN, the behavior should be different.

Q & A