1dnsperf(1)                  General Commands Manual                 dnsperf(1)
2
3
4

NAME

6       dnsperf - test the performance of a DNS server
7

SYNOPSIS

9       dnsperf [-a local_addr] [-b bufsize] [-c clients] [-d datafile] [-D]
10       [-e] [-E code:secret] [-f family] [-h] [-l limit] [-m mode]
11       [-n runs_through_file] [-p port] [-q num_queries] [-Q max_qps]
12       [-s server_addr] [-S stats_interval] [-t timeout] [-T threads] [-u]
13       [-v] [-x local_port] [-y [alg:]name:secret]
14

DESCRIPTION

16       dnsperf  is  a DNS server performance testing tool. It is primarily in‐
17       tended for measuring the performance of authoritative DNS servers,  but
18       it  can  also  be  used  for  measuring caching server performance in a
19       closed laboratory environment. For testing  caching  servers  resolving
20       against the live Internet, the resperf program is preferred.
21
22       It is recommended that dnsperf and the name server under test be run on
23       separate machines, so that the CPU usage of  dnsperf  itself  does  not
24       slow  down the name server. The two machines should be connected with a
25       fast network, preferably a dedicated Gigabit Ethernet segment.  Testing
26       through a router or firewall is not advisable.
27
28   Configuring the name server
29       If using dnsperf to test an authoritative server, the name server under
30       test should be set up to serve one or more zones similar  in  size  and
31       number to what the server is expected to serve in production.
32
33       Also,  be  sure to turn off recursion in the server's configuration (in
34       BIND 8/9, specify "recursion no;" in the options block). In BIND 8, you
35       should  also specify "fetch-glue no;"; otherwise the server may attempt
36       to retrieve glue information from the Internet during the test, slowing
37       it down by an unpredictable factor.
38
39   Constructing a query input file
40       A  dnsperf  input  file  should  contain  a  large and realistic set of
41       queries, on the order of ten thousand to a million. The input file con‐
42       tains  one  line  per query, consisting of a domain name and an RR type
43       name separated by a space. The class of the query is implicitly IN.
44
45       When measuring the performance serving non-terminal zones such  as  the
46       root zone or TLDs, note that such servers spend most of their time pro‐
47       viding referral responses, not authoritative answers. Therefore, a  re‐
48       alistic input file might consist mostly of queries for type A for names
49       *below*, not at, the delegations present in the zone. For example, when
50       testing  the performance of a server configured to be authoritative for
51       the top-level domain "fi.", which contains delegations for domains like
52       "helsinki.fi" and "turku.fi", the input file could contain lines like
53
54              www.turku.fi A
55              www.helsinki.fi A
56
57       where  the "www" prefix ensures that the server will respond with a re‐
58       ferral.  Ideally, a realistic proportion of queries for nonexistent do‐
59       mains should be mixed in with those for existing ones, and the lines of
60       the input file should be in a random order.
61
62   Constructing a dynamic update input file
63       To test dynamic update performance, dnsperf is run with the -u  option,
64       and the input file is constructed of blocks of lines describing dynamic
65       update messages. The first line in a block contains the zone name:
66
67              example.com
68
69       Subsequent lines contain prerequisites, if there are any. Prerequisites
70       can  specify  that a name may or may not exist, an rrset may or may not
71       exist, or an rrset exists and its rdata matches all specified rdata for
72       that  name and type. The keywords "require" and "prohibit" are followed
73       by the appropriate information. All relative names are considered to be
74       relative to the zone name. The following lines show the 5 types of pre‐
75       requisites.
76
77              require a
78              require a A
79              require a A 1.2.3.4
80              prohibit x
81              prohibit x A
82
83       Subsequent lines contain records to be added, records  to  be  deleted,
84       rrsets  to  be  deleted,  or names to be deleted. The keywords "add" or
85       "delete" are followed by  the  appropriate  information.  All  relative
86       names  are  considered  to  be relative to the zone name. The following
87       lines show the 4 types of updates.
88
89              add x 3600 A 10.1.2.3
90              delete y A 10.1.2.3
91              delete z A
92              delete w
93
94       Each update message is terminated by a line containing the command:
95
96              send
97
98   Running the tests
99       When running dnsperf, a data file (the -d option) and  server  (the  -s
100       option)  will  normally  be  specified. The output of dnsperf is mostly
101       self-explanatory. Pay attention to the number of  dropped  packets  re‐
102       ported  -  when  running  the test over a local Ethernet connection, it
103       should be zero. If one or more packets has been dropped, there may be a
104       problem  with  the network connection. In that case, the results should
105       be considered suspect and the test repeated.
106

OPTIONS

108       -a local_addr
109              Specifies the local address from which to send requests. The de‐
110              fault is the wildcard address.
111
112       -b bufsize
113              Sets the size of the socket's send and receive buffers, in kilo‐
114              bytes. If not specified, the operating system's default is used.
115
116       -c clients
117              Act as multiple clients. Requests are sent from  multiple  sock‐
118              ets. The default is to act as 1 client.
119
120       -d datafile
121              Specifies  the  input  data file. If not specified, dnsperf will
122              read from standard input.
123
124       -D
125              Sets the DO (DNSSEC OK) bit [RFC3225] in all packets sent.  This
126              also enables EDNS0, which is required for DNSSEC.
127
128       -e
129              Enables  EDNS0 [RFC2671], by adding an OPT record to all packets
130              sent.
131
132       -E code:value
133              Add an EDNS [RFC2671] option to  all  packets  sent,  using  the
134              specified numeric option code and value expressed as a a hex-en‐
135              coded string. This also enables EDNS0.
136
137       -f family
138              Specifies the address family used for sending DNS  packets.  The
139              possible values are "inet", "inet6", or "any". If "any" (the de‐
140              fault value) is specified, dnsperf will  use  whichever  address
141              family is appropriate for the server it is sending packets to.
142
143       -h
144              Print a usage statement and exit.
145
146       -l limit
147              Specifies  a  time limit for the run, in seconds. This may cause
148              the input to be read multiple times, or only some of  the  input
149              to  be read. The default behavior is to read the input once, and
150              have no specific time limit.
151
152       -n runs_through_file
153              Run through the input file at most this many times. If  no  time
154              limit  is  set,  the  file  will  be read exactly this number of
155              times; if a time limit is set, the file may be read fewer times.
156
157       -p port
158              Sets the port on which the DNS packets are sent. If  not  speci‐
159              fied, the standard DNS port (udp/tcp 53, dot/tls 853) is used.
160
161       -q num_queries
162              Sets the maximum number of outstanding requests. When this value
163              is reached, dnsperf will not send any more requests until either
164              responses  are  received or requests time out. The default value
165              is 100.
166
167       -Q max_qps
168              Limits the number of requests per second. There  is  no  default
169              limit.
170
171       -m mode
172              Specifies   the   transport   mode   to  use,  "udp",  "tcp"  or
173              "dot"/"tls".  Default is "udp".
174
175       -s server_addr
176              Specifies the name or address of the server  to  which  requests
177              will be sent.  The default is the loopback address, 127.0.0.1.
178
179       -S stats_interval
180              If this parameter is specified, a count of the number of queries
181              per second  during  the  interval  will  be  printed  out  every
182              stats_interval seconds.
183
184       -t timeout
185              Specifies the request timeout value, in seconds. dnsperf will no
186              longer wait for a response to a particular  request  after  this
187              many seconds have elapsed. The default is 5 seconds.
188
189       -T threads
190              Run multiple client threads. By default, dnsperf uses one thread
191              for sending requests and one thread for receiving responses.  If
192              this  option  is  specified, dnsperf will instead use N pairs of
193              send/receive threads.
194
195       -u
196              Instructs dnsperf to send DNS dynamic  update  messages,  rather
197              than  queries. The format of the input file is different in this
198              case; see the "Constructing a dynamic update input file" section
199              for more details.
200
201       -v
202              Enables verbose mode. The DNS RCODE of each response will be re‐
203              ported to standard output when the response is received, as will
204              the  latency. If a query times out, it will be reported with the
205              special string "T" instead of a normal DNS RCODE. If a query  is
206              interrupted,  it  will  be reported with the special string "I".
207              Additional information regarding network readiness  and  conges‐
208              tion will also be reported.
209
210       -x local_port
211              Specifies  the  local  port from which to send requests. The de‐
212              fault is the wildcard port (0).
213
214              If acting as multiple clients and the  wildcard  port  is  used,
215              each client will use a different random port. If a port is spec‐
216              ified, the clients will use a range of ports starting  with  the
217              specified one.
218
219       -y [alg:]name:secret
220              Add a TSIG record [RFC2845] to all packets sent, using the spec‐
221              ified TSIG key algorithm, name and secret, where  the  algorithm
222              defaults  to  hmac-md5  and the secret is expressed as a base-64
223              encoded string.  Available algorithms are: hmac-md5,  hmac-sha1,
224              hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512.
225

SEE ALSO

227       resperf(1)
228

AUTHOR

230       Nominum, Inc.
231
232       Maintained by DNS-OARC
233
234              https://www.dns-oarc.net/
235

BUGS

237       For issues and feature requests please use:
238
239              https://github.com/DNS-OARC/dnsperf/issues
240
241       For question and help please use:
242
243              admin@dns-oarc.net
244
245dnsperf                              2.4.0                          dnsperf(1)
Impressum