3-5 October 2015
Fairmont Queen Elizabeth
US/Eastern timezone
Home > Timetable > Session details > Contribution details


Fairmont Queen Elizabeth - St-Francois
Public Workshop

Benchmarking of authoritative DNS servers and DNSSEC impact assessment


  • Mr. Tomas HLAVACEK

Primary authors

Abstract content

CZ.NIC Labs created and continues to actively develop Knot DNS authoritative DNS server. The development team puts substantial effort into optimizing the server performance and searching for new optimization opportunities. So we created a DISTEL-based lab for benchmarking not only our server but for comparing many different authoritative DNS servers and versions.

The presentation shows our method for collecting data, explain statistics that we use for testing hypotheses about the server performance and presents results for Knot 2.0 and others with regard to mixed DNSSEC and non-DNSSEC traffic.


Development of Knot DNS authoritative server is supposed to be driven by benchmarks. Generally we want to test all changes that might affect performance and compare them to the previous versions. The basic question is whether we can see any statistically significant improvement, especially in case the changes in measurement results are small and unevenly distributed. To answer that question we use Hotelling's test and occasionally ANOVA and regression analysis to go a bit deeper and provide developers with information they are interested in. Another application of these methods is assessment of DNSSEC performance impact by comparing different DNSSEC algorithms on the same data sets and same servers.

Please also consider this submission for the NANOG65 DNS track