From owner-freebsd-performance@FreeBSD.ORG  Fri Jun 15 00:08:06 2007
Return-Path: <owner-freebsd-performance@FreeBSD.ORG>
X-Original-To: performance@FreeBSD.org
Delivered-To: freebsd-performance@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id A11DD16A473;
	Fri, 15 Jun 2007 00:08:06 +0000 (UTC) (envelope-from cswiger@mac.com)
Received: from mail-out3.apple.com (mail-out3.apple.com [17.254.13.22])
	by mx1.freebsd.org (Postfix) with ESMTP id 87A1213C468;
	Fri, 15 Jun 2007 00:08:06 +0000 (UTC) (envelope-from cswiger@mac.com)
Received: from relay8.apple.com (relay8.apple.com [17.128.113.38])
	by mail-out3.apple.com (Postfix) with ESMTP id 8CBCB8DDBEC;
	Thu, 14 Jun 2007 16:51:52 -0700 (PDT)
Received: from relay8.apple.com (unknown [127.0.0.1])
	by relay8.apple.com (Symantec Mail Security) with ESMTP id 3E8DD4008B; 
	Thu, 14 Jun 2007 16:53:02 -0700 (PDT)
X-AuditID: 11807126-a1339bb000002ff2-ff-4671d4deddef
Received: from [17.214.13.96] (cswiger1.apple.com [17.214.13.96])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by relay8.apple.com (Apple SCV relay) with ESMTP id 1571E4005A;
	Thu, 14 Jun 2007 16:53:02 -0700 (PDT)
In-Reply-To: <20070614084817.GA81087@rot13.obsecurity.org>
References: <20070614084817.GA81087@rot13.obsecurity.org>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <449EAA15-A4BC-4AAE-B3ED-B65E7A079877@mac.com>
Content-Transfer-Encoding: 7bit
From: Chuck Swiger <cswiger@mac.com>
Date: Thu, 14 Jun 2007 16:53:01 -0700
To: Kris Kennaway <kris@obsecurity.org>
X-Mailer: Apple Mail (2.752.2)
X-Brightmail-Tracker: AAAAAA==
Cc: smp@FreeBSD.org, performance@FreeBSD.org, current@FreeBSD.org
Subject: Re: BIND 9.4.1 performance on FreeBSD 6.2 vs. 7.0
X-BeenThere: freebsd-performance@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Performance/tuning <freebsd-performance.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-performance>,
	<mailto:freebsd-performance-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-performance>
List-Post: <mailto:freebsd-performance@freebsd.org>
List-Help: <mailto:freebsd-performance-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-performance>,
	<mailto:freebsd-performance-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jun 2007 00:08:06 -0000

Hi, Kris--

This was interesting, thanks for putting together the testing and  
graphs.

On Jun 14, 2007, at 1:48 AM, Kris Kennaway wrote:
> I have been benchmarking BIND 9.4.1 recursive query performance on an
> 8-core opteron, using the resperf utility (dns/dnsperf in ports).  The
> query data set was taken from www.freebsd.org's httpd-access.log with
> some of the highly aggressive robot IP addresses pruned out (to avoid
> huge numbers of repeated queries against a small subset of addresses,
> which would skew the results).

It's at least arguable that doing queries against a data set  
including a bunch of repeats is "skewed" in a more realistic  
fashion. :-)  A quick look at some of the data sources I have handy  
such as http access logs or Squid proxy logs suggests that (for  
example) out of a database of 17+ million requests, there were only  
46000 unique IPs involved.

You might find it interesting to compare doing queries against your  
raw and filtered datasets, just to see what kind of difference you  
get, if any.

> Testing was done over a broadcom gigabit ethernet cable connected
> back-to-back between two identical machines.  named was restarted in
> between tests to flush the cache.

What was the external network connectivity in terms of speed?  The  
docs suggest you need something like a 16MBs up/8 Mbs down  
connectivity in order to get up to 50K requests/sec....

[ ... ]
> It would be interesting to test BIND performance when acting as an
> authoritative server, which probably has very different performance
> characteristics; the difficulty there is getting access to a suitably
> interesting and representative zone file and query data.

I suppose you could also set up a test nameserver which claims to be  
authoritative for all of in-addr.arpa, and set up a bunch (65K?) /16  
reverse zone files, and then test against real unmodified IPs, but it  
would be easier to do something like this:

Set up a nameserver which is authoritative for 1.10.in-addr.arpa (ie,  
the reverse zone for 10.1/16), and use a zonefile with the $GENERATE  
directive to populate your PTR records:

$TTL    86400
$origin 1.10.in-addr.arpa.

@       IN      SOA     localhost. hostmaster.localhost. (
         1       ; serial (YYYYMMDD##)
         3h      ; Refresh 3 hours
         1h      ; Retry   1 hour
         30d     ; Expire  30 days
         1d )    ; Minimum 24 hours

@       NS      localhost.

$GENERATE 0-255 $.0 PTR ip-10-1-0-$.example.com.
$GENERATE 0-255 $.1 PTR ip-10-1-1-$.example.org.
$GENERATE 0-255 $.2 PTR ip-10-1-2-$.example.net.
; ...etc...

...and then feed it a query database consisting of PTR lookups.  If  
you wanted to, you could take your existing IP database, and glue the  
last two octets of the real IPs onto 10.1 to produce a reasonable  
assortment of IPs to perform a reverse lookup upon.

-- 
-Chuck