[dnsdist] dnsdist performance

Gentian Bajraktari voipstar at gmail.com
Thu Aug 8 16:08:49 UTC 2019 

Hi Remi,

yes all servers are on VMware, 8 cpu, 8G Ram. OS is Centos ( Linux release
7.6.1810 (Core) 3.10.0-957.27.2.el7.x86_64)

have disabled selinux and all firewall/iptables,

performance on Bind (BIND 9.14.4 (Stable Release)) directly  is 50-60K QPS
sorry for the typo,

i have tried setMaxUDPOutstanding(65535) as well

as well as i added 8 Local server using reusePort=true ( and also confirmed
with netstat -ln there were 8 running threads)

i also added 8 new servers with combination of both BIND servers or only 1
server. tried different Server policies, leastoutstanding/roundrobin etc.

For the dnsdist version these are 3 versions i have tried ( i have them all
on same machine, playing with systemd service file on which one to activate)

Compiled concur version:
 /usr/local/dnsdist/bin/dnsdist -V
dnsdist 0.0.dnsdistconcur.g (Lua 5.1.4)
Enabled features: systemd

Repo version from centos/epel:
/usr/bin/dnsdist -V
dnsdist 1.3.3 (Lua 5.1.4 [LuaJIT 2.0.4])
Enabled features: dns-over-tls(openssl) dnscrypt libsodium protobuf
recvmmsg/sendmmsg systemd

Compiled main master version:
/usr/local/bin/dnsdist -V
dnsdist 0.0.17315.0.master.g32ffe8cde3 (Lua 5.1.4)
Enabled features: ipcipher recvmmsg/sendmmsg snmp


I also tried having BIND and DNSDIST on same machine ( listening different
interfaces) and also on separate machines,
but no much effect. in all cases Dnsdist has very low QPS compared to
directly testing Bind.

some tweaks, besides removing any security/firewall:

 sysctl -w net.ipv4.conf.all.forwarding=1
 sysctl -w net.core.rmem_max=33554432
 sysctl -w net.core.wmem_max=33554432
 sysctl -w net.core.rmem_default=16777216
sysctl -w net.core.wmem_default=16777216
ulimit -n 16000
fs.file-max = 70000

more /etc/security/limits.conf | grep dnsdist
dnsdist soft nofile 65535
dnsdist soft nofile 65535



thanks

On Thu, 8 Aug 2019 at 10:52, Remi Gacogne <remi.gacogne at powerdns.com> wrote:

> Hi Gentian,
>
> On 8/8/19 10:20 AM, Gentian Bajraktari wrote:
> > but when we test with resperf (from dnsperf tool), the results are very
> > bad for DNSDIST, around 5-15K QPS , while when we test directly to one
> > of BIND ip addresses the QPS goes up to 50-60Qps.
>
> Those are very low numbers, for dnsdist but also for Bind (assuming you
> mean 50-60k qps), on what hardware are you testing this? Is this a VM?
>
> > we have tried both rpm install of dnsdist, compiling from source and
> > even comiling the concur version but all with similar results, ie when
> > resperf tests go through dnsdist the results are much lower in terms of
> qps.
>
> Knowing the exact version of dnsdist would help a lot.
>
> Did you read the tuning guide [1]? At the very least you should set
> setMaxUDPOutstanding(65535). You are also using a single thread for
> receiving UDP queries which might not be what you want, although you
> should get much more than 15k qps even with a single thread.
>
> > OS is Centos7 in all servers, tweaked all settings for file limits, udp
> > connections etc.
>
> Did you disable any firewall? Remove any connection tracking modules? It
> would be very useful to know exactly what you tweaked.
>
> [1]: https://dnsdist.org/advanced/tuning.html
>
> Best regards,
> --
> Remi Gacogne
> PowerDNS.COM BV - https://www.powerdns.com/
>
> _______________________________________________
> dnsdist mailing list
> dnsdist at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20190808/18d5449d/attachment.html>

More information about the dnsdist mailing list