8-9 February 2020
Hyatt Regency San Francisco
America/Los_Angeles timezone

DNS response rate speedup by using XDP

8 Feb 2020, 10:15
Bayview Room (Hyatt Regency San Francisco)

5 Embarcadero Center San Francisco CA 94111 United States
Standard Presentation Public Workshop


Libor Peltan (CZ.NIC)


For an authoritative DNS server, a high response rate is useful not only for serving many clients but also for withstanding some flood attack attempts. While the basic answering routines are well optimized in most open-source DNS servers, profiling revealed that 30% to 70% of the CPU time of a highly loaded server is spent on network I/O. The Linux syscalls are not implemented inefficiently; they simply do too much: firewall, routing, queuing, etc.

Using the Berkeley Packet Filter, we can capture DNS-over-UDP packets before they reach the Linux network stack, while passing all other traffic on to the stack. Further, using eXpress Data Path, we can process the captured packets in our DNS application and send the responses, also bypassing the Linux stack.

In my talk, I will summarize the feature design, examine the obvious and hidden limitations, and share practical experiences from implementing XDP in the Knot DNS authoritative server.
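
The filter decision described in the abstract, as a user-space C model added here as an example (not code from Knot DNS or from the talk): it decides which frames would be steered to the DNS application and which go to the kernel stack. The names, the UDP/53 port, and the choice to leave fragments, VLAN-tagged frames and IPv6 extension headers to the kernel are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* User-space model of the XDP filter decision (constructed names). */
enum verdict { TO_KERNEL_STACK, TO_DNS_APP };

#define DNS_PORT   53u      /* assumption: the server answers on UDP/53 */
#define L2_LEN     14u      /* untagged Ethernet header */
#define ETYPE_IPV4 0x0800u
#define ETYPE_IPV6 0x86DDu
#define PROTO_UDP  17u

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
/* Every read is preceded by a length check, as the BPF verifier
 * requires of a real XDP program. Anything unclear goes to the kernel. */
enum verdict classify_frame(const uint8_t *f, size_t len)
{
    size_t l4;                               /* offset of the UDP header */
    if (len < L2_LEN)
        return TO_KERNEL_STACK;
    const uint8_t *ip = f + L2_LEN;
    switch (be16(f + 12)) {
    case ETYPE_IPV4:
        if (len < L2_LEN + 20 || (ip[0] >> 4) != 4 || ip[9] != PROTO_UDP)
            return TO_KERNEL_STACK;
        if ((ip[0] & 0x0F) < 5 || (be16(ip + 6) & 0x3FFF))
            return TO_KERNEL_STACK;          /* bad IHL, or a fragment */
        l4 = L2_LEN + (size_t)(ip[0] & 0x0F) * 4;   /* skip IP options */
        break;
    case ETYPE_IPV6:
        if (len < L2_LEN + 40 || ip[6] != PROTO_UDP)
            return TO_KERNEL_STACK;          /* extension headers not handled */
        l4 = L2_LEN + 40;
        break;
    default:
        return TO_KERNEL_STACK;              /* ARP, VLAN-tagged frames, ... */
    }
    if (len < l4 + 8)                        /* truncated UDP header */
        return TO_KERNEL_STACK;
    return be16(f + l4 + 2) == DNS_PORT ? TO_DNS_APP : TO_KERNEL_STACK;
}

/* Constructed sample frames; only the bytes the classifier reads are set. */
const uint8_t dns4[42] = { [12] = 0x08, [14] = 0x45, [23] = 17, [37] = 53 };
const uint8_t ntp4[42] = { [12] = 0x08, [14] = 0x45, [23] = 17, [37] = 123 };
const uint8_t frag4[42] = { [12] = 0x08, [14] = 0x45, [20] = 0x20, [23] = 17, [37] = 53 };
const uint8_t dns6[62] = { [12] = 0x86, [13] = 0xDD, [14] = 0x60, [20] = 17, [57] = 53 };
```

In a real XDP program the same checks run against the packet's `data`/`data_end` pointers, and the two verdicts correspond to passing the frame to the stack or redirecting it to the application's socket.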

Talk Duration: 15 Minutes
