[dns-operations] .ORG still using SHA-1 DNSKEYs

Vladimír Čunát vladimir.cunat+ietf at nic.cz
Fri Feb 7 10:35:41 UTC 2020


On 2/7/20 10:51 AM, James Stevens wrote:
>> - You would be surprised how slow UDP packet processing in kernel can
>> be ;-)
>
> Often UDP slowness is due to the fact that each packet requires a
> context-switch from kernel to user-space, and back for the reply.
>
> So the bottleneck on a DNS server is generally how fast the CPU can
> context switch, and this often had a hardwired limit. In that you can
> top out the packet throughput with the CPU still showing %idle.
>
> I believe there is (or has been) a dev going on in the kernel to fix
> this.
>
> I might be behind the curve, I've not looked into it for a bit. 

Actually the multi-packet API (sendmmsg + recvmmsg) did not help that
much in our benchmarks (with Knot DNS and Knot Resolver), though it
seems worth using.  "Bypassing" the kernel's networking stack did help
way more - incidentally Libor Peltan is presenting about that at
tomorrow's OARC :-)

--Vladimir
