Test the performance of the BIND and Nominum DNS software on Solaris

BIND needs little introduction. Since Paul Mockapetris's invention in 1983, it has become the de facto standard for DNS on the Internet. ISC (Internet Software Consortium) is responsible for its maintenance.
BIND 9.x was completed by Nominum (www.nominum.com). It is free software and part of the standard Solaris configuration; even at China Telecom, most deployments use BIND 8.x/9.x.

However, on October 21, 2002, a denial-of-service (DoS) attack against the 13 DNS root servers on the Internet lasted for an hour and raised alarms. Improving DNS performance with new algorithms is one way to respond. In addition to continuing to upgrade the free BIND, Nominum has also developed the Nominum Foundation CNS DNS software, built on a new algorithm. With a helpful colleague, and unable to shake an engineer's old habit of curiosity, I compared and tested the performance of BIND and Nominum and share the results below:

1. Prepare the machine:

Sun Fire V240 server, 1 x 1 GHz UltraSPARC IIIi, MB memory, 4 x 1000BASE-T network ports, Solaris 10, Sun Studio 10, connected to the Internet.

v240:/# showrev
Hostname: v240
Hostid: 838af0bd
Release: 5.10
Kernel architecture: sun4u
Application architecture: sparc
Hardware provider: Sun_Microsystems
Domain:
Kernel version: SunOS 5.10 Generic_118822-08

v240:/# cd /opt/SUNWspro/bin
v240:/# ./version
Machine hardware: sun4u
OS version: 5.10
Processor type:
...
Sun Studio 10
Sun Studio 10 C Compiler
Sun Studio 10 C++ Compiler
Sun Studio 10 Tools.h++ 7.1
...

v240:/# which CC
/opt/SUNWspro/bin/CC

2. Configure DNS: BIND 9.2.4

Host configuration file:

v240:/# vi /etc/hosts
#
# Internet host table
#
127.0.0.1 localhost
192.168.0.55 v240 v240.example.com loghost

Enable DNS in the name service switch file:

v240:/# vi /etc/nsswitch.conf
...
hosts: files dns
...

Configure the DNS client file; the DNS client points to the local machine and to China Netcom:

v240 # vi /etc/resolv.conf
# local IP address
nameserver 192.168.0.55
# xxdns
nameserver 202.x

Configure the DNS server rndc file:

v240 # vi /etc/rndc.conf
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "qb2ckv1j07pxbv // qqpyta = ";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

Configure the DNS server named.conf file:

v240 # vi /etc/named.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "qb2ckv1j07pxbv // qqpyta = ";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
    version "$ id, worldhello.net ";
    directory "/var/named";
    pid-file "named.pid";
    allow-query { any; };
    Optional Y yes;
    recursion yes;
};
zone "." in {
    type hint;
    file "db.cache";
};
zone "example.com" in {
    type master;
    file "db.example.com";
};
zone "0.168.192.in-addr.arpa" in {
    type master;
    file "db.0.168.192";
};
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "db.local";
};
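
The options block above leaves recursion on with allow-query { any; } and no allow-recursion ACL, and the rndc control key uses hmac-md5; on a server connected to the Internet, both are worth checking before any load test. The check below is an added example, not part of the original article: the function names, the finding labels and the sample text (a constructed copy of the configuration with a placeholder secret) are assumptions made for illustration.

```python
import re

# Constructed sample mirroring the named.conf above; the secret is a placeholder.
SAMPLE = '''
key "rndc-key" { algorithm hmac-md5; secret "PLACEHOLDER//SECRET="; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
options {
    directory "/var/named";   // zone files live here
    allow-query { any; };
    recursion yes;
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments but leave quoted strings untouched."""
    pat = r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ''
    return re.sub(pat, keep_strings, text, flags=re.S)

def statement_body(text, name):
    """Body of the first `name ... { ... }` statement, braces balanced; '' if absent."""
    m = re.search(r'^\s*' + re.escape(name) + r'\b[^{;]*\{', text, flags=re.I | re.M)
    if not m:
        return ''
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def audit(conf):
    """Return finding labels for settings that expose recursion or the control key."""
    text = strip_comments(conf)
    opts = statement_body(text, 'options')
    findings = []
    recursive = not re.search(r'\brecursion\s+no\s*;', opts, flags=re.I)
    restricted = re.search(r'\ballow-recursion\s*\{', opts, flags=re.I)
    open_query = re.search(r'\ballow-query\s*\{[^}]*\bany\b', opts, flags=re.I)
    if recursive and not restricted and open_query:
        findings.append('open-recursion')   # any client that reaches port 53 may recurse
    if re.search(r'\balgorithm\s+hmac-md5\s*;', text, flags=re.I):
        findings.append('hmac-md5-key')     # later BIND releases support hmac-sha256
    return findings

if __name__ == '__main__':
    print(audit(SAMPLE))
```

Adding an ACL such as allow-recursion { 127.0.0.1; 192.168.0.0/24; }; to the options block (the network is taken from the addresses used on this page) clears the first finding.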

Configure the DNS server cache file:

v240 # vi /var/named/db.cache
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; temporarily housed at NSI (InterNIC)
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 198.41.0.10
;
; housed in LINX, operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; temporarily housed at ISI (IANA)
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; housed in Japan, operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33

Configure the DNS server's local (loopback) zone file:

v240 # vi /var/named/db.local
$TTL 5h
0.0.127.in-addr.arpa. IN SOA example.com. root.example.com. (
    1999062801 ; serial number (yyyymmdd##)
    10800      ; refresh every 3 hours
    3600       ; retry every 1 hour
    604800     ; expire after a week
    86400 )    ; TTL of 1 day
; Name servers
0.0.127.in-addr.arpa. IN NS v240.example.com.
1 IN PTR localhost.

Configure the DNS server's hosts file:

v240 # vi /var/named/db.example.com
$TTL 5h
example.com. IN SOA example.com. root.example.com. (
    1999062804 ; serial number (yyyymmdd##)
    10800      ; refresh every 3 hours
    3600       ; retry every 1 hour
    604800     ; expire after a week
    86400 )    ; TTL of 1 day
; Name servers
example.com. IN NS v240.example.com.
; Addresses
localhost IN A 127.0.0.1
v240.example.com. IN A 192.168.0.55

v20z IN A 192.168.0.50

Configure the reverse DNS file:

v240 # vi /var/named/db.0.168.192
$TTL 5h
0.168.192.in-addr.arpa. IN SOA example.com. root.example.com. (
    1999070501 ; serial number (yyyymmdd##)
    10800      ; refresh every 3 hours
    3600       ; retry every 1 hour
    604800     ; expire after a week
    86400 )    ; TTL of 1 day
; Name servers
0.168.192.in-addr.arpa. IN NS v240.example.com.

55 IN PTR v240.example.com.
50 IN PTR v20z.example.com.

Start the DNS service:

v240 # svcs -a | grep dns
disabled 18:11:53 svc:/network/dns/server:default
online 18:12:42 svc:/network/dns/client:default

v240 # svcs -a | grep dns
v240 # svcadm enable svc:/network/dns/server:default

Test DNS resolution:

v240 # nslookup

(www.sohu.com can be resolved)

v240 # dig @202.106.0.20

; <<>> DiG 9.2.4 <<>> @202.106.0.20
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 83
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 86440 IN NS B.ROOT-SERVERS.NET.
. 86440 IN NS C.ROOT-SERVERS.NET.
....

3. Install the queryperf test program:

Unpack the queryperf package:

v240 # gzcat queryperf-nominum-2.1.tar.gz | tar xvf -
x queryperf-nominum-2.1, 0 bytes, 0 tape blocks
x queryperf-nominum-2.1/input, 0 bytes, 0 tape blocks
x queryperf-nominum-2.1/input/sample.0, 101 bytes, 1 tape blocks
x queryperf-nominum-2.1/input/sample.1, 304 bytes, 1 tape blocks
...

Compile:

v240 # ./configure
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
...

v240 # make
gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_LIBSOCKET=1 -DHAVE_LIBNSL=1 -DHAVE_GETADDRINFO=1 -DHAVE_GETNAMEINFO=1 -c queryperf.c
gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_LIBSOCKET=1 -DHAVE_LIBNSL=1 -DHAVE_GETADDRINFO=1 -DHAVE_GETNAMEINFO=1 queryperf.o -lnsl -lsocket -lresolv -lm -o queryperf
...

4. Test BIND 9.2.4

Edit the test file containing the test domain names (> 30000 test domain names):

v240 # vi test
www.sina.com.cn
www.sohu.com
www.sun.com
...
(more than 30000)

Send the 30000 domain name test requests to the Sun Fire V240:
v240:/# ./queryperf -d test -s 192.168.0.55

DNS Query Performance Testing Tool

Nominum Version 2.1

Version: $Id: queryperf.c,v 1.20 2005/03/08 19:10:03 gson Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 192.168.0.55)
[Timeout] Query timed out: msg id 1
[Timeout] Query timed out: msg id 3
...
Warning: Received a response with an unexpected (maybe timed out) id: 28
[Status] Testing complete

Statistics:

Parse input file: once
Ended due to: reaching end of file

Queries sent: 33000 queries
Queries completed: 32980 queries
Queries lost: 20 queries

Percentage completed: 99.94%
Percentage lost: 0.06%

Started at: Fri Jul 8 14:48:36 2005
Finished at: Fri Jul 8 14:48:53 2005
Ran for: 17.379295 seconds

Queries per second: 1897.660406 qps

That is, in this test environment the Sun Fire V240 (1 x 1 GHz UltraSPARC IIIi, MB memory) processes 1897.7 DNS requests per second, with a loss rate of 0.06%.

5. Install the Nominum Foundation CNS DNS software

Modify the configuration and stop the BIND DNS service:

v240:/# pkill -9 named

v240:/# svcadm disable svc:/network/dns/server:default

v240:/# vi /etc/resolv.conf
# local IP address
nameserver 192.168.0.20

Unpack the software:

v240:/# uncompress cns-1.5.3.2e-2-2005.10.01-solaris-10-sparc.tar.Z
v240:/# tar xvf cns-1.5.3.2e-2-2005.10.01-solaris-10-sparc.tar

Install Nominum Foundation CNS:

v240:/# pkgadd -d nomutils-2.0.27.0.1-sol10-sparc
v240:/# pkgadd -d cns-1.5.3.2.2-sol10-sparc
v240:/# pkgadd -d nomnanny-2.0.27.0.1-sol10-sparc
v240:/# pkgadd -d nomsdk-2.0.27.1.1-sol10-sparc
v240:/# pkgadd -d snmpproxy-1.0.3.3.3-sol10-sparc
(Answer yes to the prompts)

Start the Nominum Foundation CNS DNS service:

v240:/# /etc/init.d/Central start

6. Test DNS: Nominum Foundation CNS

The test domain names are the same as for BIND 9.2.4.

With 10 or 100 concurrent requests, send more than 30000 DNS requests to the Sun Fire V240:

v240:/# ./queryperf -d test -s v240 -q 10

DNS Query Performance Testing Tool

Nominum Version 2.1

Version: $Id: queryperf.c,v 1.20 2005/03/08 19:10:03 gson Exp $

[Status] Processing input data
[Status] Sending queries (beginning with 192.168.0.55)
[Status] Testing complete

Statistics:

Parse input file: once
Ended due to: reaching end of file

Queries sent: 33000 queries
Queries completed: 33000 queries
Queries lost: 0 queries

Percentage completed: 100.00%
Percentage lost: 0.00%

Started at: Fri Jul 8 15:41:28 2005
Finished at: Fri Jul 8 15:41:32 2005
Ran for: 4.336514 seconds

Queries per second: 7609.799023 qps

That is, in this test environment the Sun Fire V240 (1 x 1 GHz UltraSPARC IIIi, MB memory) processes 7609.8 DNS requests per second without loss (0.00%).

Performance improvement:

7609.8 queries per second / 1897.7 queries per second = 4.01 times
(Sun Fire V20z, 1 x 1.6 GHz AMD Opteron: 20354 QPS)
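
The two Statistics blocks contain enough to recheck the reported figures: the QPS that queryperf prints equals completed queries divided by elapsed time, so the loss rate has to be read alongside it. The parser below is an added example, not part of the original article or of queryperf; the function names are assumptions, and the embedded text is the subset of lines from the two reports that it needs.

```python
import re

# Statistics lines from the two queryperf runs on this page (BIND 9.2.4, then CNS).
BIND_RUN = """\
Queries sent: 33000 queries
Queries completed: 32980 queries
Queries lost: 20 queries
Ran for: 17.379295 seconds
Queries per second: 1897.660406 qps
"""
CNS_RUN = """\
Queries sent: 33000 queries
Queries completed: 33000 queries
Queries lost: 0 queries
Ran for: 4.336514 seconds
Queries per second: 7609.799023 qps
"""
LABELS = {"sent": "Queries sent", "completed": "Queries completed",
          "lost": "Queries lost", "seconds": "Ran for", "qps": "Queries per second"}

def parse_stats(report):
    """Extract the numeric fields of a queryperf Statistics block."""
    stats = {}
    for key, label in LABELS.items():
        m = re.search(r"^\s*" + label + r":\s*([0-9.]+)", report, flags=re.I | re.M)
        if m is None:
            raise ValueError("missing field: " + label)
        stats[key] = float(m.group(1))
    return stats

def summarize(report):
    """Recompute loss and throughput from the raw counters after sanity checks."""
    s = parse_stats(report)
    if s["sent"] != s["completed"] + s["lost"]:
        raise ValueError("sent != completed + lost")
    derived = s["completed"] / s["seconds"]        # answered queries only
    if abs(derived - s["qps"]) > 0.01:
        raise ValueError("reported qps does not match completed/elapsed")
    return {"loss_pct": 100.0 * s["lost"] / s["sent"],
            "qps": derived,
            "offered_qps": s["sent"] / s["seconds"]}  # rate at which the client sent

def speedup(baseline, candidate):
    """Ratio of answered-query throughput between two runs."""
    return summarize(candidate)["qps"] / summarize(baseline)["qps"]

if __name__ == "__main__":
    print(summarize(BIND_RUN), summarize(CNS_RUN), round(speedup(BIND_RUN, CNS_RUN), 2))
```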

7. Conclusion

Nominum is the developer of both BIND and Nominum Foundation CNS. Can DNS performance really differ by a factor of four on a small server with one CPU and MB of memory? That is what the test values show, but is something wrong with the test method? I have some doubts; please comment.

If so, typical provincial DNS load is about QPS. Could it be handled with less than one CPU? Yet China Telecom often uses Sun Fire V890 servers with 8 dual-core CPUs. Is that 16 times the performance?
