Benchmarking Authoritative DNS Servers

In this paper, we examine the performance of four authoritative DNS server implementations (BIND, NSD, Knot DNS, and YADIFA). In our tests, we apply the measurement procedure defined in Section 9 of RFC 8219. Our aim is threefold: to provide DNS operators with ready-to-use measurement results that support their selection of the authoritative DNS server implementation best fitting their needs, to assist researchers and DNS64 server developers in finding a suitable authoritative DNS server implementation for their DNS64 benchmarking measurements, and to advance the theory and practice of benchmarking DNS servers. We examine how conditions such as the number of active CPU cores, the size of the zone file, the applied timeout, and the type of processor influence the performance of the tested authoritative DNS server implementations. The performance of the tested DNS servers scales up more or less well with the number of CPU cores, except for YADIFA. Increasing the size of the zone file causes significant degradation only in the performance of BIND, which shows different anomalies described in the paper. Changing the timeout from 250 ms (required by RFC 8219) to 100 ms usually causes only a small performance degradation. We point out that NSD and Knot DNS can achieve an order of magnitude higher performance than BIND and YADIFA.
