1dnsperf(1) General Commands Manual dnsperf(1)
2
3
4
6 dnsperf - test the performance of a DNS server
7
9 dnsperf [-a local_addr] [-b bufsize] [-c clients] [-d datafile] [-D]
10 [-e] [-E code:secret] [-f family] [-h] [-l limit] [-m mode]
11 [-n runs_through_file] [-p port] [-q num_queries] [-Q max_qps]
12 [-s server_addr] [-S stats_interval] [-t timeout] [-T threads] [-u]
13 [-v] [-x local_port] [-y [alg:]name:secret]
14
16 dnsperf is a DNS server performance testing tool. It is primarily in‐
17 tended for measuring the performance of authoritative DNS servers, but
18 it can also be used for measuring caching server performance in a
19 closed laboratory environment. For testing caching servers resolving
20 against the live Internet, the resperf program is preferred.
21
22 It is recommended that dnsperf and the name server under test be run on
23 separate machines, so that the CPU usage of dnsperf itself does not
24 slow down the name server. The two machines should be connected with a
25 fast network, preferably a dedicated Gigabit Ethernet segment. Testing
26 through a router or firewall is not advisable.
27
28 Configuring the name server
29 If using dnsperf to test an authoritative server, the name server under
30 test should be set up to serve one or more zones similar in size and
31 number to what the server is expected to serve in production.
32
33 Also, be sure to turn off recursion in the server's configuration (in
34 BIND 8/9, specify "recursion no;" in the options block). In BIND 8, you
35 should also specify "fetch-glue no;"; otherwise the server may attempt
36 to retrieve glue information from the Internet during the test, slowing
37 it down by an unpredictable factor.
38
39 Constructing a query input file
40 A dnsperf input file should contain a large and realistic set of
41 queries, on the order of ten thousand to a million. The input file con‐
42 tains one line per query, consisting of a domain name and an RR type
43 name separated by a space. The class of the query is implicitly IN.
44
45 When measuring the performance serving non-terminal zones such as the
46 root zone or TLDs, note that such servers spend most of their time pro‐
47 viding referral responses, not authoritative answers. Therefore, a re‐
48 alistic input file might consist mostly of queries for type A for names
49 *below*, not at, the delegations present in the zone. For example, when
50 testing the performance of a server configured to be authoritative for
51 the top-level domain "fi.", which contains delegations for domains like
52 "helsinki.fi" and "turku.fi", the input file could contain lines like
53
54 www.turku.fi A
55 www.helsinki.fi A
56
57 where the "www" prefix ensures that the server will respond with a re‐
58 ferral. Ideally, a realistic proportion of queries for nonexistent do‐
59 mains should be mixed in with those for existing ones, and the lines of
60 the input file should be in a random order.
61
62 Constructing a dynamic update input file
63 To test dynamic update performance, dnsperf is run with the -u option,
64 and the input file is constructed of blocks of lines describing dynamic
65 update messages. The first line in a block contains the zone name:
66
67 example.com
68
69 Subsequent lines contain prerequisites, if there are any. Prerequisites
70 can specify that a name may or may not exist, an rrset may or may not
71 exist, or an rrset exists and its rdata matches all specified rdata for
72 that name and type. The keywords "require" and "prohibit" are followed
73 by the appropriate information. All relative names are considered to be
74 relative to the zone name. The following lines show the 5 types of pre‐
75 requisites.
76
77 require a
78 require a A
79 require a A 1.2.3.4
80 prohibit x
81 prohibit x A
82
83 Subsequent lines contain records to be added, records to be deleted,
84 rrsets to be deleted, or names to be deleted. The keywords "add" or
85 "delete" are followed by the appropriate information. All relative
86 names are considered to be relative to the zone name. The following
87 lines show the 4 types of updates.
88
89 add x 3600 A 10.1.2.3
90 delete y A 10.1.2.3
91 delete z A
92 delete w
93
94 Each update message is terminated by a line containing the command:
95
96 send
97
98 Running the tests
99 When running dnsperf, a data file (the -d option) and server (the -s
100 option) will normally be specified. The output of dnsperf is mostly
101 self-explanatory. Pay attention to the number of dropped packets re‐
102 ported - when running the test over a local Ethernet connection, it
103 should be zero. If one or more packets has been dropped, there may be a
104 problem with the network connection. In that case, the results should
105 be considered suspect and the test repeated.
106
108 -a local_addr
109 Specifies the local address from which to send requests. The de‐
110 fault is the wildcard address.
111
112 -b bufsize
113 Sets the size of the socket's send and receive buffers, in kilo‐
114 bytes. If not specified, the operating system's default is used.
115
116 -c clients
117 Act as multiple clients. Requests are sent from multiple sock‐
118 ets. The default is to act as 1 client.
119
120 -d datafile
121 Specifies the input data file. If not specified, dnsperf will
122 read from standard input.
123
124 -D
125 Sets the DO (DNSSEC OK) bit [RFC3225] in all packets sent. This
126 also enables EDNS0, which is required for DNSSEC.
127
128 -e
129 Enables EDNS0 [RFC2671], by adding an OPT record to all packets
130 sent.
131
132 -E code:value
133 Add an EDNS [RFC2671] option to all packets sent, using the
134 specified numeric option code and value expressed as a a hex-en‐
135 coded string. This also enables EDNS0.
136
137 -f family
138 Specifies the address family used for sending DNS packets. The
139 possible values are "inet", "inet6", or "any". If "any" (the de‐
140 fault value) is specified, dnsperf will use whichever address
141 family is appropriate for the server it is sending packets to.
142
143 -h
144 Print a usage statement and exit.
145
146 -l limit
147 Specifies a time limit for the run, in seconds. This may cause
148 the input to be read multiple times, or only some of the input
149 to be read. The default behavior is to read the input once, and
150 have no specific time limit.
151
152 -n runs_through_file
153 Run through the input file at most this many times. If no time
154 limit is set, the file will be read exactly this number of
155 times; if a time limit is set, the file may be read fewer times.
156
157 -p port
158 Sets the port on which the DNS packets are sent. If not speci‐
159 fied, the standard DNS port (udp/tcp 53, tls 853) is used.
160
161 -q num_queries
162 Sets the maximum number of outstanding requests. When this value
163 is reached, dnsperf will not send any more requests until either
164 responses are received or requests time out. The default value
165 is 100.
166
167 -Q max_qps
168 Limits the number of requests per second. There is no default
169 limit.
170
171 -m mode
172 Specifies the transport mode to use, "udp", "tcp" or "tls". De‐
173 fault is "udp".
174
175 -s server_addr
176 Specifies the name or address of the server to which requests
177 will be sent. The default is the loopback address, 127.0.0.1.
178
179 -S stats_interval
180 If this parameter is specified, a count of the number of queries
181 per second during the interval will be printed out every
182 stats_interval seconds.
183
184 -t timeout
185 Specifies the request timeout value, in seconds. dnsperf will no
186 longer wait for a response to a particular request after this
187 many seconds have elapsed. The default is 5 seconds.
188
189 -T threads
190 Run multiple client threads. By default, dnsperf uses one thread
191 for sending requests and one thread for receiving responses. If
192 this option is specified, dnsperf will instead use N pairs of
193 send/receive threads.
194
195 -u
196 Instructs dnsperf to send DNS dynamic update messages, rather
197 than queries. The format of the input file is different in this
198 case; see the "Constructing a dynamic update input file" section
199 for more details.
200
201 -v
202 Enables verbose mode. The DNS RCODE of each response will be re‐
203 ported to standard output when the response is received, as will
204 the latency. If a query times out, it will be reported with the
205 special string "T" instead of a normal DNS RCODE. If a query is
206 interrupted, it will be reported with the special string "I".
207 Additional information regarding network readiness and conges‐
208 tion will also be reported.
209
210 -x local_port
211 Specifies the local port from which to send requests. The de‐
212 fault is the wildcard port (0).
213
214 If acting as multiple clients and the wildcard port is used,
215 each client will use a different random port. If a port is spec‐
216 ified, the clients will use a range of ports starting with the
217 specified one.
218
219 -y [alg:]name:secret
220 Add a TSIG record [RFC2845] to all packets sent, using the spec‐
221 ified TSIG key algorithm, name and secret, where the algorithm
222 defaults to hmac-md5 and the secret is expressed as a base-64
223 encoded string.
224
226 resperf(1)
227
229 Nominum, Inc.
230
231 Maintained by DNS-OARC
232
233 https://www.dns-oarc.net/
234
236 For issues and feature requests please use:
237
238 https://github.com/DNS-OARC/dnsperf/issues
239
240 For question and help please use:
241
242 admin@dns-oarc.net
243
244dnsperf 2.3.2 dnsperf(1)