1dnsperf(1)                  General Commands Manual                 dnsperf(1)
2
3
4

NAME

6       dnsperf - test the performance of a DNS server
7

SYNOPSIS

9       dnsperf [-a local_addr] [-b bufsize] [-c clients] [-d datafile] [-D]
10       [-e] [-E code:secret] [-f family] [-h] [-l limit]
11       [-n runs_through_file] [-p port] [-q num_queries] [-Q max_qps]
12       [-s server_addr] [-S stats_interval] [-t timeout] [-T threads] [-u]
13       [-v] [-x local_port] [-y [alg:]name:secret]
14

DESCRIPTION

16       dnsperf  is  a DNS server performance testing tool. It is primarily in‐
17       tended for measuring the performance of authoritative DNS servers,  but
18       it  can  also  be  used  for  measuring caching server performance in a
19       closed laboratory environment. For testing  caching  servers  resolving
20       against the live Internet, the resperf program is preferred.
21
22       It is recommended that dnsperf and the name server under test be run on
23       separate machines, so that the CPU usage of  dnsperf  itself  does  not
24       slow  down the name server. The two machines should be connected with a
25       fast network, preferably a dedicated Gigabit Ethernet segment.  Testing
26       through a router or firewall is not advisable.
27
28   Configuring the name server
29       If using dnsperf to test an authoritative server, the name server under
30       test should be set up to serve one or more zones similar  in  size  and
31       number to what the server is expected to serve in production.
32
33       Also,  be  sure to turn off recursion in the server's configuration (in
34       BIND 8/9, specify "recursion no;" in the options block). In BIND 8, you
35       should  also specify "fetch-glue no;"; otherwise the server may attempt
36       to retrieve glue information from the Internet during the test, slowing
37       it down by an unpredictable factor.
38
39   Constructing a query input file
40       A  dnsperf  input  file  should  contain  a  large and realistic set of
41       queries, on the order of ten thousand to a million. The input file con‐
42       tains  one  line  per query, consisting of a domain name and an RR type
43       name separated by a space. The class of the query is implicitly IN.
44
45       When measuring the performance serving non-terminal zones such  as  the
46       root zone or TLDs, note that such servers spend most of their time pro‐
47       viding referral responses, not authoritative answers. Therefore, a  re‐
48       alistic input file might consist mostly of queries for type A for names
49       *below*, not at, the delegations present in the zone. For example, when
50       testing  the performance of a server configured to be authoritative for
51       the top-level domain "fi.", which contains delegations for domains like
52       "helsinki.fi" and "turku.fi", the input file could contain lines like
53
54              www.turku.fi A
55              www.helsinki.fi A
56
57       where  the "www" prefix ensures that the server will respond with a re‐
58       ferral.  Ideally, a realistic proportion of queries for nonexistent do‐
59       mains should be mixed in with those for existing ones, and the lines of
60       the input file should be in a random order.
61
62   Constructing a dynamic update input file
63       To test dynamic update performance, dnsperf is run with the -u  option,
64       and the input file is constructed of blocks of lines describing dynamic
65       update messages. The first line in a block contains the zone name:
66
67              example.com
68
69       Subsequent lines contain prerequisites, if there are any. Prerequisites
70       can  specify  that a name may or may not exist, an rrset may or may not
71       exist, or an rrset exists and its rdata matches all specified rdata for
72       that  name and type. The keywords "require" and "prohibit" are followed
73       by the appropriate information. All relative names are considered to be
74       relative to the zone name. The following lines show the 5 types of pre‐
75       requisites.
76
77              require a
78              require a A
79              require a A 1.2.3.4
80              prohibit x
81              prohibit x A
82
83       Subsequent lines contain records to be added, records  to  be  deleted,
84       rrsets  to  be  deleted,  or names to be deleted. The keywords "add" or
85       "delete" are followed by  the  appropriate  information.  All  relative
86       names  are  considered  to  be relative to the zone name. The following
87       lines show the 4 types of updates.
88
89              add x 3600 A 10.1.2.3
90              delete y A 10.1.2.3
91              delete z A
92              delete w
93
94       Each update message is terminated by a line containing the command:
95
96              send
97
98   Running the tests
99       When running dnsperf, a data file (the -d option) and  server  (the  -s
100       option)  will  normally  be  specified. The output of dnsperf is mostly
101       self-explanatory. Pay attention to the number of  dropped  packets  re‐
102       ported  -  when  running  the test over a local Ethernet connection, it
103       should be zero. If one or more packets has been dropped, there may be a
104       problem  with  the network connection. In that case, the results should
105       be considered suspect and the test repeated.
106

OPTIONS

108       -a local_addr
109              Specifies the local address from which to send requests. The de‐
110              fault is the wildcard address.
111
112       -b bufsize
113              Sets the size of the socket's send and receive buffers, in kilo‐
114              bytes. If not specified, the operating system's default is used.
115
116       -c clients
117              Act as multiple clients. Requests are sent from  multiple  sock‐
118              ets. The default is to act as 1 client.
119
120       -d datafile
121              Specifies  the  input  data file. If not specified, dnsperf will
122              read from standard input.
123
124       -D
125              Sets the DO (DNSSEC OK) bit [RFC3225] in all packets sent.  This
126              also enables EDNS0, which is required for DNSSEC.
127
128       -e
129              Enables  EDNS0 [RFC2671], by adding an OPT record to all packets
130              sent.
131
132       -E code:value
133              Add an EDNS [RFC2671] option to  all  packets  sent,  using  the
134              specified numeric option code and value expressed as a a hex-en‐
135              coded string. This also enables EDNS0.
136
137       -f family
138              Specifies the address family used for sending DNS  packets.  The
139              possible values are "inet", "inet6", or "any". If "any" (the de‐
140              fault value) is specified, dnsperf will  use  whichever  address
141              family is appropriate for the server it is sending packets to.
142
143       -h
144              Print a usage statement and exit.
145
146       -l limit
147              Specifies  a  time limit for the run, in seconds. This may cause
148              the input to be read multiple times, or only some of  the  input
149              to  be read. The default behavior is to read the input once, and
150              have no specific time limit.
151
152       -n runs_through_file
153              Run through the input file at most this many times. If  no  time
154              limit  is  set,  the  file  will  be read exactly this number of
155              times; if a time limit is set, the file may be read fewer times.
156
157       -p port
158              Sets the port on which the DNS packets are sent. If  not  speci‐
159              fied, the standard DNS port (53) is used.
160
161       -q num_queries
162              Sets the maximum number of outstanding requests. When this value
163              is reached, dnsperf will not send any more requests until either
164              responses  are  received or requests time out. The default value
165              is 100.
166
167       -Q max_qps
168              Limits the number of requests per second. There  is  no  default
169              limit.
170
171       -s server_addr
172              Specifies  the  name  or address of the server to which requests
173              will be sent.  The default is the loopback address, 127.0.0.1.
174
175       -S stats_interval
176              If this parameter is specified, a count of the number of queries
177              per  second  during  the  interval  will  be  printed  out every
178              stats_interval seconds.
179
180       -t timeout
181              Specifies the request timeout value, in seconds. dnsperf will no
182              longer  wait  for  a response to a particular request after this
183              many seconds have elapsed. The default is 5 seconds.
184
185       -T threads
186              Run multiple client threads. By default, dnsperf uses one thread
187              for  sending requests and one thread for receiving responses. If
188              this option is specified, dnsperf will instead use  N  pairs  of
189              send/receive threads.
190
191       -u
192              Instructs  dnsperf  to  send DNS dynamic update messages, rather
193              than queries. The format of the input file is different in  this
194              case; see the "Constructing a dynamic update input file" section
195              for more details.
196
197       -v
198              Enables verbose mode. The DNS RCODE of each response will be re‐
199              ported to standard output when the response is received, as will
200              the latency. If a query times out, it will be reported with  the
201              special  string "T" instead of a normal DNS RCODE. If a query is
202              interrupted, it will be reported with the special string "I".
203
204       -x local_port
205              Specifies the local port from which to send  requests.  The  de‐
206              fault is the wildcard port (0).
207
208              If  acting  as  multiple  clients and the wildcard port is used,
209              each client will use a different random port. If a port is spec‐
210              ified,  the  clients will use a range of ports starting with the
211              specified one.
212
213       -y [alg:]name:secret
214              Add a TSIG record [RFC2845] to all packets sent, using the spec‐
215              ified  TSIG  key algorithm, name and secret, where the algorithm
216              defaults to hmac-md5 and the secret is expressed  as  a  base-64
217              encoded string.
218

SEE ALSO

220       resperf(1)
221

AUTHOR

223       Nominum, Inc.
224
225       Maintained by DNS-OARC
226
227              https://www.dns-oarc.net/
228

BUGS

230       For issues and feature requests please use:
231
232              https://github.com/DNS-OARC/dnsperf/issues
233
234       For question and help please use:
235
236              admin@dns-oarc.net
237
238dnsperf                              2.2.1                          dnsperf(1)
Impressum