What is DNSPerf?
DNSPerf and ResPerf are free tools developed by Nominum that make it simple to gather accurate latency and throughput metrics for Domain Name Service (DNS). These tools are easy-to-use and simulate typical Internet so network operators can benchmark their naming and addressing infrastructure and plan for upgrades. The latest version of the DNSPerf and ResPerf can be used with test files that include IPv6 queries.
DNSPerf “self-paces” the DNS query load to simulate network conditions. New features in DNSPerf improve the precision of latency measurements and allow for per packet per-query latency reporting is possible. DNSPerf is now multithreaded, multiple DNSPerf clients can be supported in multicore systems (each client requires two cores). The output of DNSPerf has also been improved so it is more concise and useful. Latency data can be used to make detailed graphs so it is simple for network operators to take advantage of the data.
ResPerf systematically increases the query rate and monitors the response rate to simulate caching DNS services.
Data file format
An example of data file format is shown in file a.out in project directory. In the file, the line begin with # is recognized as comment. Each useful line contains two columns. The first column is the domain name to be queried, and the second column is the query type.
The query type currently supported includes:
Constructing a query input file
A dnsperf input file should contain a large and realistic set of queries, on the order of ten thousand to a million. The input file contains one line per query, consisting of a domain name and an RR type name separated by a space. The class of the query is implicitly IN.
When measuring the performance serving non-terminal zones such as the root zone or TLDs, note that such servers spend most of their time providing referral responses, not authoritative answers. Therefore, a realistic input file might consist mostly of queries for type A for names *below*, not at, the delegations present in the zone. For example, when testing the performance of a server configured to be authoritative for the top-level domain “fi.”, which contains delegations for domains like “helsinki.fi” and “turku.fi”, the input file could contain lines like
where the “www” prefix ensures that the server will respond with a referral. Ideally, a realistic proportion of queries for nonexistent domains should be mixed in with those for existing ones, and the lines of the input file should be in a random order.
Constructing a dynamic update input file
To test dynamic update performance, dnsperf is run with the -u option, and the input file is constructed of blocks of lines describing dynamic update messages. The first line in a block contains the zone name:
Subsequent lines contain prerequisites, if there are any. Prerequisites can specify that a name may or may not exist, an rrset may or may not exist, or an rrset exists and its rdata matches all specified rdata for that name and type. The keywords “require” and “prohibit” are followed by the appropriate information. All relative names are considered to be relative to the zone name. The following lines show the 5 types of prerequisites.
require a require a A require a A 188.8.131.52 prohibit x prohibit x A
Subsequent lines contain records to be added, records to be deleted, rrsets to be deleted, or names to be deleted. The keywords “add” or “delete” are followed by the appropriate information. All relative names are considered to be relative to the zone name. The following lines show the 4 types of updates.
add x 3600 A 10.1.2.3 delete y A 10.1.2.3 delete z A delete w
Each update message is terminated by a line containing the command:
Running the tests
When running dnsperf, a data file (the -d option) and server (the -s option) will normally be specified. The output of dnsperf is mostly self-explanatory. Pay attention to the number of dropped packets reported – when running the test over a local Ethernet connection, it should be zero. If one or more packets has been dropped, there may be a problem with the network connection. In that case, the results should be considered suspect and the test repeated.
Performance statistics will have displayed on your stdin after testing. The following is a sample outputs.
Statistics: Queries sent: 600 Queries completed: 600 (100.00%) Queries lost: 0 (0.00%) Response codes: NOERROR 411 (68.50%), SERVFAIL 52 (8.67%), NXDOMAIN 137 (22.83%) Average packet size: request 38, response 91 Run time (s): 61.424945 Queries per second: 9.768019 Average Latency (s): 0.076570 (min 0.022927, max 4.030269) Latency StdDev (s): 0.293699
Let’s explore more about the DNS using dnsperf tool.
# dnsperf -h You should see something like the following: DNS Performance Testing Tool Nominum Version 184.108.40.206 Usage: dnsperf [-f family] [-s server_addr] [-p port] [-a local_addr] [-x local_port] [-d datafile] [-c clients] [-n maxruns] [-l timelimit] [-b buffer_size] [-t timeout] [-e] [-D] [-y [alg:]name:secret] [-q num_queries] [-Q max_qps] [-S stats_interval] [-u] [-v] [-h] -f address family of DNS transport, inet or inet6 (default: any) -s the server to query (default: 127.0.0.1) -p the port on which to query the server (default: 53) -a the local address from which to send queries -x the local port from which to send queries (default: 0) -d the input data file (default: stdin) -c the number of clients to act as -n run through input at most N times -l run for at most this many seconds -b socket send/receive buffer size in kilobytes -t the timeout for query completion in seconds (default: 5) -e enable EDNS 0 -D set the DNSSEC OK bit (implies EDNS) -y the TSIG algorithm, name and secret -q the maximum number of queries outstanding (default: 100) -Q limit the number of queries per second -S print qps statistics every N seconds -u send dynamic updates instead of queries -v verbose: report each query to stdout -h print this help
Now we need to download the query file, and uncompress it.
# wget ftp://ftp.nominum.com/pub/nominum/dnsperf/data/queryfile-example-current.gz # tar -xvf queryfile-example-current.gz
Read More: How to Install DNSPERF on Linux
The command below queries a DNS server at 192.168. 0.161 for 60 seconds, it will send 10 queries per second.
# dnsperf -s 192.168. 0.161 -d queryfile-example-current -l 60 -c 1 -Q 10
The following command is a little less kind on your DNS server located at 192.168. 0.161 in that it will act as 20 clients over 30 seconds with 60 queries a second and give a step by step output for each query.
# dnsperf -s 192.168. 0.161 -d queryfile-example-current -l 30 -c 20 -Q 60 -v
The following will test two DNS servers one at 192.168. 0.161 and one at 192.168.0.53 for 30 seconds.
# dnsperf -s 192.168.0.161 -s 192.168.0.53 -d queryfile-example-current -l 30