Oct 3 – 5, 2015
Fairmont Queen Elizabeth
US/Eastern timezone

Benchmarking of authoritative DNS servers and DNSSEC impact assessment

Oct 3, 2015, 4:00 PM
St-Francois (Fairmont Queen Elizabeth)


Fairmont Queen Elizabeth

900 René-Lévesque Blvd W Montreal, QC H3B 4A5 Canada
Public Workshop Public Workshop


Mr Tomas Hlavacek (CZ.NIC, z.s.p.o.)


CZ.NIC Labs created and continues to actively develop Knot DNS authoritative DNS server. The development team puts substantial effort into optimizing the server performance and searching for new optimization opportunities. So we created a DISTEL-based lab for benchmarking not only our server but for comparing many different authoritative DNS servers and versions. The presentation shows our method for collecting data, explain statistics that we use for testing hypotheses about the server performance and presents results for Knot 2.0 and others with regard to mixed DNSSEC and non-DNSSEC traffic.


Development of Knot DNS authoritative server is supposed to be driven by benchmarks. Generally we want to test all changes that might affect performance and compare them to the previous versions. The basic question is whether we can see any statistically significant improvement, especially in case the changes in measurement results are small and unevenly distributed. To answer that question we use Hotelling's test and occasionally ANOVA and regression analysis to go a bit deeper and provide developers with information they are interested in. Another application of these methods is assessment of DNSSEC performance impact by comparing different DNSSEC algorithms on the same data sets and same servers.

Please also consider this submission for the NANOG65 DNS track Yes

Primary author

Mr Tomas Hlavacek (CZ.NIC, z.s.p.o.)

Presentation materials