[dns-operations] Database backed DNS Management Solutions

bert hubert bert.hubert at netherlabs.nl
Wed Feb 4 18:13:57 UTC 2009 

On Wed, Feb 04, 2009 at 11:41:02AM +0100, Shane Kerr wrote:
> Having said that... PowerDNS is missing a lot of features that an
> experienced BIND user will find hard to live without:
> 
>       * IXFR
>       * TSIG
>       * EDNS0

Hi Shane,

Thanks for your review of PowerDNS! As a proud author, I would like to make
some remarks though.

We do have EDNS0 since 2.9.22 (and since 3.1.7 in the PowerDNS Recursor).
Admittedly, that has only been released a week ago. We also serve DNSSEC
records, but don't do any DNSSEC algorithms. TSIG is halfway there.

> It was also missing such niceties as slave support for non-standard
> ports, also-notify, ID.SERVER, but there are (now) patches for these.

Most of which were written by Shane btw :-) You'll find them in the next
version of PowerDNS.

> Query rate on the version that I tested was about 10% of BIND on the
> same box (BIND did 59k queries/sec, NSD 77k queries/sec, and PowerDNS
> 5840 queries/sec). In a fit of stupidity, I did not note which versions
> were tested, but it is probably BIND 9.5, NSD 3.2, and PowerDNS 2.9.21.

If you compare apples to apples, and run PowerDNS with the zonefile backend,
you should find comparable if not better performance numbers. In one
benchmark we saw 80kpqs, which turned out to be limited by our query
generating hardware.

If you run typical data with typical match rates on the packet and
query caches, you should find 20-30kqps performance on 'real life data' with
short caching TTL times (60 seconds).

We have one big user running a 40kqps setup backed by PostgreSQL (powerdns
2.9.22).

So your summary is probably right for one run of uncached data, but it is
not a typical real life measurement. If your run was for real life data, I'd
love to know more. The rates you report are not typical for what we see in
production, and I'd love to help.

For another interesting benchmark, start a nameserver with 100000 domains,
and include the startup time in your measurements. Also fun. Even in BIND
zonefile mode, PowerDNS is up pretty quickly in that case. The largest BIND
zonefile backed setup we know of has 350000 domains (in Italy).

> Not a rigorous benchmark, but I think this should give you an idea about
> the kind of performance you can expect. Disks are slower than memory, it
> turns out. :)

Very much so. This is why PowerDNS offers the choice of BIND style
zonefiles, databases or possibly highly cached database access.

NSD also offers a very interesting proposition with its precompiled zones,
by the way.

A very interesting mode of operation is telling PowerDNS to maintain a 1
hour, or even a 24 hour cache of database accesses. PowerDNS 2.9.22 offers
a very fast (millisecond) cache purging interface, which allows the cache to
be purged selectively.

So on any change to the database, inform PowerDNS which zone you touched,
and all records within that zone are scrubbed from the cache.

The people with the 40kqps setup run like this, and it appears to work
really well, surviving DoS attacks even.

	Bert

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

More information about the dns-operations mailing list