1dnsperf(1) General Commands Manual dnsperf(1)
2
6 dnsperf - test the performance of a DNS server
7
9 dnsperf [-a local_addr] [-b bufsize] [-c clients] [-d datafile] [-D]
10 [-e] [-E code:secret] [-f family] [-h] [-l limit] [-m mode]
11 [-n runs_through_file] [-p port] [-q num_queries] [-Q max_qps]
12 [-s server_addr] [-S stats_interval] [-t timeout] [-T threads] [-u]
13 [-v] [-x local_port] [-y [alg:]name:secret]
14
16 dnsperf is a DNS server performance testing tool. It is primarily in‐
17 tended for measuring the performance of authoritative DNS servers, but
18 it can also be used for measuring caching server performance in a
19 closed laboratory environment. For testing caching servers resolving
20 against the live Internet, the resperf program is preferred.
21 It is recommended that dnsperf and the name server under test be run on
23 separate machines, so that the CPU usage of dnsperf itself does not
24 slow down the name server. The two machines should be connected with a
25 fast network, preferably a dedicated Gigabit Ethernet segment. Testing
26 through a router or firewall is not advisable.
27 Configuring the name server
29 If using dnsperf to test an authoritative server, the name server under
30 test should be set up to serve one or more zones similar in size and
31 number to what the server is expected to serve in production.
32 Also, be sure to turn off recursion in the server's configuration (in
34 BIND 8/9, specify "recursion no;" in the options block). In BIND 8, you
35 should also specify "fetch-glue no;"; otherwise the server may attempt
36 to retrieve glue information from the Internet during the test, slowing
37 it down by an unpredictable factor.
38 Constructing a query input file
40 A dnsperf input file should contain a large and realistic set of
41 queries, on the order of ten thousand to a million. The input file con‐
42 tains one line per query, consisting of a domain name and an RR type
43 name separated by a space. The class of the query is implicitly IN.
44 When measuring the performance serving non-terminal zones such as the
46 root zone or TLDs, note that such servers spend most of their time pro‐
47 viding referral responses, not authoritative answers. Therefore, a re‐
48 alistic input file might consist mostly of queries for type A for names
49 *below*, not at, the delegations present in the zone. For example, when
50 testing the performance of a server configured to be authoritative for
51 the top-level domain "fi.", which contains delegations for domains like
52 "helsinki.fi" and "turku.fi", the input file could contain lines like
53 www.turku.fi A
55 www.helsinki.fi A
56 where the "www" prefix ensures that the server will respond with a re‐
58 ferral. Ideally, a realistic proportion of queries for nonexistent do‐
59 mains should be mixed in with those for existing ones, and the lines of
60 the input file should be in a random order.
61 Constructing a dynamic update input file
63 To test dynamic update performance, dnsperf is run with the -u option,
64 and the input file is constructed of blocks of lines describing dynamic
65 update messages. The first line in a block contains the zone name:
66 example.com
68 Subsequent lines contain prerequisites, if there are any. Prerequisites
70 can specify that a name may or may not exist, an rrset may or may not
71 exist, or an rrset exists and its rdata matches all specified rdata for
72 that name and type. The keywords "require" and "prohibit" are followed
73 by the appropriate information. All relative names are considered to be
74 relative to the zone name. The following lines show the 5 types of pre‐
75 requisites.
76 require a
78 require a A
79 require a A 1.2.3.4
80 prohibit x
81 prohibit x A
82 Subsequent lines contain records to be added, records to be deleted,
84 rrsets to be deleted, or names to be deleted. The keywords "add" or
85 "delete" are followed by the appropriate information. All relative
86 names are considered to be relative to the zone name. The following
87 lines show the 4 types of updates.
88 add x 3600 A 10.1.2.3
90 delete y A 10.1.2.3
91 delete z A
92 delete w
93 Each update message is terminated by a line containing the command:
95 send
97 Running the tests
99 When running dnsperf, a data file (the -d option) and server (the -s
100 option) will normally be specified. The output of dnsperf is mostly
101 self-explanatory. Pay attention to the number of dropped packets re‐
102 ported - when running the test over a local Ethernet connection, it
103 should be zero. If one or more packets has been dropped, there may be a
104 problem with the network connection. In that case, the results should
105 be considered suspect and the test repeated.
106
108 -a local_addr
109 Specifies the local address from which to send requests. The de‐
110 fault is the wildcard address.
111 -b bufsize
113 Sets the size of the socket's send and receive buffers, in kilo‐
114 bytes. If not specified, the operating system's default is used.
115 -c clients
117 Act as multiple clients. Requests are sent from multiple sock‐
118 ets. The default is to act as 1 client.
119 -d datafile
121 Specifies the input data file. If not specified, dnsperf will
122 read from standard input.
123 -D
125 Sets the DO (DNSSEC OK) bit [RFC3225] in all packets sent. This
126 also enables EDNS0, which is required for DNSSEC.
127 -e
129 Enables EDNS0 [RFC2671], by adding an OPT record to all packets
130 sent.
131 -E code:value
133 Add an EDNS [RFC2671] option to all packets sent, using the
134 specified numeric option code and value expressed as a a hex-en‐
135 coded string. This also enables EDNS0.
136 -f family
138 Specifies the address family used for sending DNS packets. The
139 possible values are "inet", "inet6", or "any". If "any" (the de‐
140 fault value) is specified, dnsperf will use whichever address
141 family is appropriate for the server it is sending packets to.
142 -h
144 Print a usage statement and exit.
145 -l limit
147 Specifies a time limit for the run, in seconds. This may cause
148 the input to be read multiple times, or only some of the input
149 to be read. The default behavior is to read the input once, and
150 have no specific time limit.
151 -n runs_through_file
153 Run through the input file at most this many times. If no time
154 limit is set, the file will be read exactly this number of
155 times; if a time limit is set, the file may be read fewer times.
156 -p port
158 Sets the port on which the DNS packets are sent. If not speci‐
159 fied, the standard DNS port (udp/tcp 53, tls 853) is used.
160 -q num_queries
162 Sets the maximum number of outstanding requests. When this value
163 is reached, dnsperf will not send any more requests until either
164 responses are received or requests time out. The default value
165 is 100.
166 -Q max_qps
168 Limits the number of requests per second. There is no default
169 limit.
170 -m mode
172 Specifies the transport mode to use, "udp", "tcp" or "tls". De‐
173 fault is "udp".
174 -s server_addr
176 Specifies the name or address of the server to which requests
177 will be sent. The default is the loopback address, 127.0.0.1.
178 -S stats_interval
180 If this parameter is specified, a count of the number of queries
181 per second during the interval will be printed out every
182 stats_interval seconds.
183 -t timeout
185 Specifies the request timeout value, in seconds. dnsperf will no
186 longer wait for a response to a particular request after this
187 many seconds have elapsed. The default is 5 seconds.
188 -T threads
190 Run multiple client threads. By default, dnsperf uses one thread
191 for sending requests and one thread for receiving responses. If
192 this option is specified, dnsperf will instead use N pairs of
193 send/receive threads.
194 -u
196 Instructs dnsperf to send DNS dynamic update messages, rather
197 than queries. The format of the input file is different in this
198 case; see the "Constructing a dynamic update input file" section
199 for more details.
200 -v
202 Enables verbose mode. The DNS RCODE of each response will be re‐
203 ported to standard output when the response is received, as will
204 the latency. If a query times out, it will be reported with the
205 special string "T" instead of a normal DNS RCODE. If a query is
206 interrupted, it will be reported with the special string "I".
207 Additional information regarding network readiness and conges‐
208 tion will also be reported.
209 -x local_port
211 Specifies the local port from which to send requests. The de‐
212 fault is the wildcard port (0).
213 If acting as multiple clients and the wildcard port is used,
215 each client will use a different random port. If a port is spec‐
216 ified, the clients will use a range of ports starting with the
217 specified one.
218 -y [alg:]name:secret
220 Add a TSIG record [RFC2845] to all packets sent, using the spec‐
221 ified TSIG key algorithm, name and secret, where the algorithm
222 defaults to hmac-md5 and the secret is expressed as a base-64
223 encoded string.
224
226 resperf(1)
227
229 Nominum, Inc.
230 Maintained by DNS-OARC
232 https://www.dns-oarc.net/
234
236 For issues and feature requests please use:
237 https://github.com/DNS-OARC/dnsperf/issues
239 For question and help please use:
241 admin@dns-oarc.net
243dnsperf 2.3.2 dnsperf(1)