1DNSPERF(1) DNSPERF(1)
2
6 dnsperf - test the performance of a DNS server
7
9 dnsperf [ -1 ] [ -A ] [ -b bufsize ] [ -c ] [ -d datafile ] [ -D ]
10 [ -e ] [ -f family ] [ -h ] [ -H histogram_buckets ] [ -l limit ]
11 [ -p port ] [ -q num_queries ] [ -Q max_qps ] [ -s server_addr ] [
12 -t timeout ] [ -T histogram_seconds ] [ -u ] [ -v ] [ -y
13 name:secret ]
14
16 dnsperf is a DNS server performance testing tool. It is primarily
17 intended for measuring the performance of authoritative DNS servers,
18 but it can also be used for measuring caching server performance in a
19 closed laboratory environment. For testing caching servers resolving
20 against the live Internet, the resperf program is preferred.
21 It is recommended that dnsperf and the name server under test be run on
23 separate machines, so that the CPU usage of dnsperf itself does not
24 slow down the name server. The two machines should be connected with a
25 fast network, preferably a dedicated Gigabit Ethernet segment. Testing
26 through a router or firewall is not advisable.
27 CONFIGURING THE NAME SERVER
29 If using dnsperf to test an authoritative server, the name server under
30 test should be set up to serve one or more zones similar in size and
31 number to what the server is expected to serve in production.
32 Also, be sure to turn off recursion in the server's configuration (in
34 BIND 8/9, specify "recursion no;" in the options block). In BIND 8,
35 you should also specify "fetch-glue no;"; otherwise the server may
36 attempt to retrieve glue information from the Internet during the test,
37 slowing it down by an unpredictable factor.
38 CONSTRUCTING A QUERY INPUT FILE
40 A dnsperf input file should contain a large and realistic set of
41 queries, on the order of ten thousand to a million. The input file con‐
42 tains one line per query, consisting of a domain name and an RR type
43 name separated by a space. The class of the query is implicitly IN.
44 When measuring the performance serving non-terminal zones such as the
46 root zone or TLDs, note that such servers spend most of their time pro‐
47 viding referral responses, not authoritative answers. Therefore, a
48 realistic input file might consist mostly of queries for type A for
49 names *below*, not at, the delegations present in the zone. For exam‐
50 ple, when testing the performance of a server configured to be authori‐
51 tative for the top-level domain "fi.", which contains delegations for
52 domains like "helsinki.fi" and "turku.fi", the input file could contain
53 lines like
54 www.turku.fi A
56 www.helsinki.fi A
57 where the "www" prefix ensures that the server will respond with a
60 referral. Ideally, a realistic proportion of queries for nonexistent
61 domains should be mixed in with those for existing ones, and the lines
62 of the input file should be in a random order.
63 CONSTRUCTING A DYNAMIC UPDATE INPUT FILE
65 To test dynamic update performance, dnsperf is run with the -u option,
66 and the input file is constructed of blocks of lines describing dynamic
67 update messages. The first line in a block contains the zone name:
68 example.com
70 Subsequent lines contain prerequisites, if there are any. Prerequi‐
73 sites can specify that a name may or may not exist, an rrset may or may
74 not exist, or an rrset exists and its rdata matches all specified rdata
75 for that name and type. The keywords "require" and "prohibit" are fol‐
76 lowed by the appropriate information. All relative names are considered
77 to be relative to the zone name. The following lines show the 5 types
78 of prerequisites.
79 require a
81 require a A
82 require a A 1.2.3.4
83 prohibit x
84 prohibit x A
85 Subsequent lines contain records to be added, records to be deleted,
88 rrsets to be deleted, or names to be deleted. The keywords "add" or
89 "delete" are followed by the appropriate information. All relative
90 names are considered to be relative to the zone name. The following
91 lines show the 4 types of updates.
92 add x 3600 A 10.1.2.3
94 delete y A 10.1.2.3
95 delete z A
96 delete w
97 Each update message is terminated by a line containing the command:
100 send
102 RUNNING THE TESTS
106 When running dnsperf, a data file (the -d option) and server (the -s
107 option) will normally be specified. The output of dnsperf is mostly
108 self-explanatory. Pay attention to the number of dropped packets
109 reported - when running the test over a local Ethernet connection, it
110 should be zero. If one or more packets has been dropped, there may be a
111 problem with the network connection. In that case, the results should
112 be considered suspect and the test repeated.
113 MEASURING LATENCY
115 When the -H option is specified, the statistics output will include a
116 histogram (a.k.a. bar chart) showing the distribution of response
117 latencies. This is intended mainly for testing caching servers, as the
118 latencies of authoritative servers typically are negligible compared to
119 network and queueing delays.
120 A typical histogram might contain 50 buckets representing latencies
122 from 0 to 1 second in 20 millisecond increments. To print such a his‐
123 togram, pass dnsperf the options
124 -H 50 -T 1
126 If you are interested in responses that arrive several seconds late,
129 you can get a 10-second histogram using
130 -H 50 -T 10
132 The lengths of the bars in the bar chart are normalized such that the
135 widest bar is 60 characters wide, to allow the chart to be displayed in
136 an 80-column window or printed on an 80-column printer. Responses are
137 classified into successes and failures; successes are represented by
138 "#" characters and failures by "-" in the bars. The number of suc‐
139 cess/failure responses is also printed next to each bar.
140 The average latency is also printed; it takes into account both suc‐
142 cesses and failures. Note that requests that got no response at all
143 will not be included in the latency graph; this may unfairly skew the
144 average latency in favor of servers that drop requests (or respond with
145 an error later than the dnsperf timeout) over those from which an error
146 response is received.
147
149 -1 Run through the input file exactly once. This is the default if
150 no time limit is set.
151 -A Reports the command line arguments passed to dnsperf to standard
153 output as part of the final statistics.
154 -b bufsize
156 Sets the size of the socket's send and receive buffers, in kilo‐
157 bytes. If not specified, the default value is 32k.
158 -c Prints a count of the number of responses with each DNS RCODE as
160 part of the final statistics.
161 -d datafile
163 Specifies the input data file. If not specified, dnsperf will
164 read from standard input.
165 -D Sets the DO (DNSSEC OK) bit [RFC3225] in all packets sent. This
167 also enables EDNS0, which is required for DNSSEC.
168 -e Enables EDNS0 [RFC2671], by adding an OPT record to all packets
170 sent.
171 -f family
173 Specifies the address family used for sending DNS packets. The
174 possible values are "inet", "inet6", or "any". If "any" (the
175 default value) is specified, dnsperf will use whichever address
176 family is appropriate for the server it is sending packets to.
177 -h Print a usage statement and exit.
179 -H histogram_buckets
181 When specified, dnsperf will print a histogram showing response
182 latency after completing the run; the histogram will contain
183 this many buckets.
184 -l limit
186 Specifies a time limit for the run, in seconds. This may cause
187 the input to be read multiple times, or only some of the input
188 to be read. The default behavior is to read the input once, and
189 have no specific time limit.
190 -p port
192 Sets the port on which the DNS packets are sent. If not speci‐
193 fied, the standard DNS port (53) is used.
194 -q num_queries
196 Sets the maximum number of outstanding requests. When this value
197 is reached, dnsperf will not send any more requests until either
198 responses are received or requests time out. The default value
199 is 20.
200 -Q max_qps
202 Limits the number of requests per second. There is no default
203 limit.
204 -s server_addr
206 Specifies the name or address of the server to which requests
207 will be sent. The default is the loopback address, 127.0.0.1.
208 -t timeout
210 Specifies the request timeout value, in seconds. dnsperf will
211 no longer wait for a response to a particular request after this
212 many seconds have elapsed.
213 -T histogram_seconds
215 When specified, dnsperf will print a histogram showing response
216 latency after completing the run; the histogram will include
217 latencies up to this number of seconds. This should be used with
218 the -H option.
219 -u Instructs dnsperf to send DNS dynamic update messages, rather
221 than queries. The format of the input file is different in this
222 case; see the "Constructing a dynamic update input file" section
223 for more details.
224 -v Enables verbose mode. The DNS RCODE of each response will be
226 reported to standard output when the response is received. If a
227 query times out, it will be reported with the special string "T"
228 instead of a normal DNS RCODE.
229 -y name:secret
231 Add a TSIG record [RFC2845] to all packets sent, using the spec‐
232 ified TSIG key name and secret, where the secret is expressed as
233 a base-64 encoded string.
234
236 Nominum, Inc.
237
239 resperf(1)
240dnsperf December 4, 2007 DNSPERF(1)