[Pdns-dev] Performance of KVS in dnsdist
labs at hosting.de
Fri May 15 11:51:56 UTC 2020
Hello everyone,

I am having a discussion with some of our developers about the experimental
feature KVS in dnsdist.

We use dnsdist in front of PowerDNS (with MySQL) backends. With KVS we
could check if a domain or record exists before we forward the request
to PowerDNS.

Changes in our zones or database happen quite often; I think that
we have changes every minute. We have approx. 300k zones with >3 million
records in our database.

One idea is to use KVS with CDB files just in case of an attack, e.g.
use the KVS lookup in combination with MaxQPSRule. The other idea is to
create a new CDB file every time a zone changes or a new
zone is added.

In the first case we would generate CDB files every 15 or 30 minutes. In
case of an attack perhaps some new zones or new records would fail to
resolve. We would use a refreshDelay of 300 seconds.

In the latter case dnsdist has to reload the CDB file quite often; we
would set refreshDelay to 1 second. Even if we would just generate the
CDB file e.g. once a minute, dnsdist would have to reload it every minute.

As dnsdist was made for forwarding DNS requests and not for reading CDB
files, my fear is that dnsdist will lose performance when we reload the
CDB file that often.

Does anyone have experience with the KVS feature and what are your
recommendations?

Thanks for any input.

Best regards,
Oliver
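
The periodic CDB regeneration described in the message, as an added example that is not part of the original post or of PowerDNS code: it builds a CDB file from a zone list and swaps it into place with an atomic rename, so a process re-reading the file on its refresh interval never opens a half-written one. The function names, the `b"1"` value and the choice of lowercased DNS wire-format keys are assumptions; the key format must match whatever lookup key the dnsdist configuration uses.

```python
import os, struct, tempfile

def cdb_hash(key):
    h = 5381
    for c in key:
        h = (((h << 5) + h) ^ c) & 0xFFFFFFFF
    return h

def wire_name(name):  # assumed key format: lowercased DNS wire format
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"

def build_cdb(records):
    body, pos, buckets = bytearray(), 2048, [[] for _ in range(256)]
    for key, val in records.items():
        body += struct.pack("<II", len(key), len(val)) + key + val
        buckets[cdb_hash(key) & 0xFF].append((cdb_hash(key), pos))
        pos += 8 + len(key) + len(val)
    header, tables = bytearray(), bytearray()
    for bucket in buckets:                  # one open-addressed table per low hash byte
        nslots = 2 * len(bucket)
        header += struct.pack("<II", pos, nslots)
        slots = [(0, 0)] * nslots
        for h, p in bucket:
            i = (h >> 8) % nslots
            while slots[i][1]:              # record offset 0 marks an empty slot
                i = (i + 1) % nslots
            slots[i] = (h, p)
        tables += b"".join(struct.pack("<II", h, p) for h, p in slots)
        pos += 8 * nslots
    return bytes(header + body + tables)

def cdb_get(data, key):
    h = cdb_hash(key)
    tpos, nslots = struct.unpack_from("<II", data, 8 * (h & 0xFF))
    for n in range(nslots):
        sh, rpos = struct.unpack_from("<II", data, tpos + 8 * (((h >> 8) + n) % nslots))
        if rpos == 0:
            return None
        klen, dlen = struct.unpack_from("<II", data, rpos)
        if sh == h and data[rpos + 8:rpos + 8 + klen] == key:
            return data[rpos + 8 + klen:rpos + 8 + klen + dlen]
    return None

def publish(path, zones):
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "wb") as f:
        f.write(build_cdb({wire_name(z): b"1" for z in zones}))
    os.chmod(tmp, 0o644)    # mkstemp creates 0600; the dnsdist user must be able to read it
    os.replace(tmp, path)   # atomic rename: readers see the old or the new file, never a partial one
```

Because the temporary file is created in the target directory, the rename stays on one filesystem; the whole file is rewritten on every call, so the build cost scales with the total number of keys rather than with the size of the change.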