Presentation is loading. Please wait.

Presentation is loading. Please wait.

DNS Dynamic Update Performance Study 2014.10.10. The Purpose Dynamic update and XFR is key approach to perform zone data replication and synchronization,

Published byMiles Horn Modified over 9 years ago

Similar presentations

Presentation on theme: "DNS Dynamic Update Performance Study 2014.10.10. The Purpose Dynamic update and XFR is key approach to perform zone data replication and synchronization,"— Presentation transcript:

1 DNS Dynamic Update Performance Study 2014.10.10

2 The Purpose Dynamic update and XFR is key approach to perform zone data replication and synchronization, to study its performance limitation is meaningful to estimate the efficiency of the whole DNS system Provide operational practice to DNS operators. Provide improvements to DNS standard and software implementation

3 Data flow: Primary master -> master -> slave Generate root zone file, and record the initialized SOA serial number s0. Record current time t0 and start to keep sending n numbers of update requests to primary master without waiting for the ACK from server. Each request is to adding one new TLD which include one NS and one related glue. At the same time, without waiting for the sending finish, keep querying all three servers, record the time when the SOA serial of respective server reaches to s0 + n, record the final time t1. For each server the UPS(update per second) is (t1 – t0)/n Test Method

4 Factors may affect the performance Zone size Query pressure of slave node DNSSEC (not only affect the zone size, but also complicate the update process) Hard driver write performance

5 Test Environment Network topology Hardware configuration OS/DNS software

6 Network Topology

7 Hardware Configuration Controller: OS:Centos 6.4 x86_64 CPU : Intel(R) Xeon(R) CPU E5-2403 v2 1.80GHz Memory : DDR3 1333 2G Hard driver:ST500DM002-1BD142 7200 16M Primary Master/master/slave : OS : Centos 6.4 x86_64/Freebsd 10.0 x86_64 CPU : Intel Xeon E3-1220v2 3.1GHZ 4 cores 4 Threads Memory : DDR3 1333 ECC 32G Hard driver: ST500DM002-1BD142 7200 16M

8 Dns Software Primary master – BIND(9.9.5) Master – BIND(9.9.5) Slave – BIND(9.9.5) – NSD(3.2.18) – KNOT(1.5.1)

9 UPS VS TLD Count(without DNSSEC)

10 UPS VS TLD Count(with DNSSEC)

11 UPS vs QPS on Slave Node

12 Performance Analysis For primary master, the update procedure is: – Generate the difference (update validation) – Apply the diff to memory DB – Write to journal file – Mark zone to dirty and later synchronize memory data with zone file – Notify other name servers The bottleneck is hard driver write – To make all the modification persistent, BIND will make sure the journal file is written into disk, which using fsync

13 Whether is better with SSD?

14 Hardware Configuration Primary Master (mac pro) : OS: OS X 10.9.5 CPU : 2.4 GHz Intel Core i5 Memory : 8 GB 1600 MHz DDR3 Hard driver : APPLE SSD SD0256F Media Slave (mac air) : OS : OS X 10.9.5 CPU : 2.7 GHz Intel Core i5 Memory : 4 GB 1600 MHz DDR3 Hard driver : APPLE SSD SD0256F Media

15 UPS VS TLD Count(without DNSSEC)

16 UPS VS TLD Count(with DNSSEC)

17 UPS VS QPS (UDP/DO)

18 Persistent DB vs Memory DB Like root server system, most distributed DNS system stores RRs into rational DB, using DNS server to provide query and zone synchronization service. Modify BIND without generating journal file and synchronizing zone file with memory DB to promote the performance. The following test result is based on the first test environment with modification BIND running on primary master.

19 UPS vs TLD Count(without DNSSEC)

20 UPS vs TLD Count(with DNSSEC)

21 UPS vs QPS (UDP/DO)

22 Conclusion The updating for one zone is sequential, therefore multi-core won’t help. Without persistent guarantee, dynamic update itself is quite efficient DNSSEC affect the performance by 50% decrease For each hierarchy level, the performance is dropped by 20~30% If memory is sufficient, zone size has little impact on update performance. UDP query pressure also has little impact. Mainly because computation resource and file descriptor resource are sufficient. For slave node, under update pressure, if KNOT receive IXFR exceeding 1024 serial number change, it will fall back to AXFR which will cause more transfer time and zone file synchronization time. It is the reason why it slower than NSD at some point, and more bigger the zone size, more slower the transfer.

23 What’s next The affection of hierarchy depth is tested, the width of it is another important factor of the performance, with more resources, the test will be performed in the near future. The testing is under LAN, when transfer across WAN, the behavior should be different.

24 Q & A

25

Download ppt "DNS Dynamic Update Performance Study 2014.10.10. The Purpose Dynamic update and XFR is key approach to perform zone data replication and synchronization,"

Similar presentations

Operating System.

Operating System.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
Early Linpack Performance Benchmarking on IPE Mole-8.5 Fermi GPU Cluster Xianyi Zhang 1),2) and Yunquan Zhang 1),3) 1) Laboratory of Parallel Software.

Early Linpack Performance Benchmarking on IPE Mole-8.5 Fermi GPU Cluster Xianyi Zhang 1),2) and Yunquan Zhang 1),3) 1) Laboratory of Parallel Software.
KMemvisor: Flexible System Wide Memory Mirroring in Virtual Environments Bin Wang Zhengwei Qi Haibing Guan Haoliang Dong Wei Sun Shanghai Key Laboratory.

KMemvisor: Flexible System Wide Memory Mirroring in Virtual Environments Bin Wang Zhengwei Qi Haibing Guan Haoliang Dong Wei Sun Shanghai Key Laboratory.
Zone transfer and dns-express

Zone transfer and dns-express
Milestone 1 Workshop in Information Security – Distributed Databases Project Access Control Security vs. Performance By: Yosi Barad, Ainat Chervin and.

Milestone 1 Workshop in Information Security – Distributed Databases Project Access Control Security vs. Performance By: Yosi Barad, Ainat Chervin and.
DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.

DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.
Survey of DNSSEC Lutz Donnerhacke DNSSEC Meeting (2008-01-16)

Survey of DNSSEC Lutz Donnerhacke DNSSEC Meeting ( )
The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.

The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.
Figure 1.1 Interaction between applications and the operating system.

Figure 1.1 Interaction between applications and the operating system.
The new The new MONARC Simulation Framework Iosif Legrand  California Institute of Technology.

The new The new MONARC Simulation Framework Iosif Legrand  California Institute of Technology.
DNS and DNSSec Eustace Asanghanwa Andrew Bates Shane Jahnke Brian Wilke.

DNS and DNSSec Eustace Asanghanwa Andrew Bates Shane Jahnke Brian Wilke.
Homework 2 In the docs folder of your Berkeley DB, have a careful look at documentation on how to configure BDB in main memory. In the docs folder of your.

Homework 2 In the docs folder of your Berkeley DB, have a careful look at documentation on how to configure BDB in main memory. In the docs folder of your.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.

DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.
25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Introduction to DoC Private Cloud

Introduction to DoC Private Cloud
Virtual Network Servers. What is a Server? 1. A software application that provides a specific one or more services to other computers  Example: Apache.

Virtual Network Servers. What is a Server? 1. A software application that provides a specific one or more services to other computers  Example: Apache.
Prepared by Careene McCallum-Rodney Hardware specification of a computer system.

Prepared by Careene McCallum-Rodney Hardware specification of a computer system.

Similar presentations

Ads by Google