Speaker
Mr Francis Dupont (ISC)
Description
There were many reasons to develop a TCP DNS performance test tool,
other than that none was available when I began:
- EDNS0 is not a 100% solution to DNSSEC and/or IPv6 large responses
- rate limiting could lead to more TCP queries via artificially
truncated UDP responses
- ICANN requires, in its gTLD applicant guidebook (page 218/5-6, module 5,
section 5.2.2), some TCP performance...
- IXIA boxes could do the job but are a bit expensive
This presentation is about a TCP DNS performance test tool and its findings.
Summary
The tool works on Linux using specific real-time system calls
(clock_gettime(), epoll(), etc.) (the whole platform is Debian-based).
Here are some examples of findings:
- the limit is in the number of established TCP connections per second,
not in the number of queries / responses
- listen() system call backlog tuning helps a bit, but IMHO it is the
only tuning on the server application side which can help
- non-blocking connect() system calls take an unexpectedly large amount
of time (I had to work a bit hard to get high rates, i.e., up to
blasting the tool-side kernel and getting > 50% losses)
- there are bad (for this purpose) interactions between tool and
server kernels
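The measurement behind the connect() and backlog findings can be sketched as follows. This is an added example, not code from the tool described in the talk; the function name `measure_connects`, the loopback listener and the 2-second wait are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <sys/epoll.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

static double now(void) {                     /* monotonic clock, in seconds */
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec + ts.tv_nsec / 1e9;
}

/* Opens n non-blocking connections to a loopback listener (constructed target).
 * Returns the number established; *call_s = time inside connect() alone. */
int measure_connects(int n, int backlog, double *call_s, double *total_s) {
    struct sockaddr_in a = { .sin_family = AF_INET,
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t alen = sizeof a;                /* sin_port 0: kernel picks a port */
    int ls = socket(AF_INET, SOCK_STREAM, 0), ep = epoll_create1(0), ok = 0, pending = 0;
    if (ls < 0 || ep < 0 || bind(ls, (struct sockaddr *)&a, alen) < 0 ||
        listen(ls, backlog) < 0 || getsockname(ls, (struct sockaddr *)&a, &alen) < 0)
        return -1;
    double t0 = now();
    *call_s = 0;
    for (int i = 0; i < n; i++) {
        int s = socket(AF_INET, SOCK_STREAM | SOCK_NONBLOCK, 0);
        if (s < 0) continue;
        struct epoll_event ev = { .events = EPOLLOUT, .data.fd = s };
        double c0 = now();
        int r = connect(s, (struct sockaddr *)&a, sizeof a), e = errno;
        *call_s += now() - c0;
        if (r == 0) { ok++; close(s); }       /* completed immediately */
        else if (e == EINPROGRESS && epoll_ctl(ep, EPOLL_CTL_ADD, s, &ev) == 0) pending++;
        else close(s);
    }
    struct epoll_event evs[64];
    for (int k; pending > 0 && (k = epoll_wait(ep, evs, 64, 2000)) > 0; )
        for (int i = 0; i < k; i++, pending--) {   /* writable = handshake done */
            int err = 0; socklen_t el = sizeof err;
            getsockopt(evs[i].data.fd, SOL_SOCKET, SO_ERROR, &err, &el);
            if (err == 0 && (evs[i].events & EPOLLOUT)) ok++;
            close(evs[i].data.fd);
        }
    *total_s = now() - t0;
    close(ep); close(ls);
    return ok;
}
```

Comparing `*call_s` with `*total_s` for different `n` and `backlog` values shows how much of the establishment time is spent in the connect() calls themselves and how many connections the listener's queue absorbs without any accept().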
Primary author
Mr Francis Dupont (ISC)