How to Test the Performance of your DNS Server [Linux]

Here’s a case scenario for you.

You’re tasked with setting up a DNS server. You did your research, selected the best option for your deployment and deployed said servers. Life is good. But a thought creeps in the back of your mind. Have you considered the performance of your new DNS servers? Do you know how many queries per second your brand new DNS server/service can handle? Oh God, whatever will you do? Luckily, there’s a tool available that can answer your pressing questions: dnsperf.

According to the dnsperf man pages,

dnsperf is a DNS server performance testing tool. It is primarily intended for measuring the performance of authoritative DNS servers…

dnsperf is available for most Linux distros. When a man page is available, it’s a good idea to read it before using a tool. You might learn a new trick!

For information on dnsperf installation packages and instructions, refer to the author’s page: www.dns-oarc.net/tools/dnsperf

Here’s a basic walkthrough on how to use the dnsperf tool.

First, generate a file containing a list of FQDNs (fully qualified domain names) for dnsperf to query against your target DNS server. The FQDNs don’t really have to be valid FQDNs, since you’re just measuring how fast your DNS server can answer said queries.

An easy way to generate your list of FQDNs is to use the following Linux one-liner:

for i in `seq 1 2000000`; do echo "$i.testdnsperf.org A" >> test-list.txt ; done;

What you are attempting to do here is to generate two million A record entries and store them in a file called test-list.txt.

Once the file is done generating, you can then use dnsperf and your generated file to test the performance of your DNS servers.


$ dnsperf -s 127.0.0.1 -d test-list.txt

DNS Performance Testing Tool

[Status] Command line: dnsperf -s 127.0.0.1 -d n.txt

[Status] Sending queries (to 127.0.0.1)

[Status] Started at: Mon Sep 14 09:58:26 2020

[Status] Stopping after 1 run through file

[Status] Testing complete (end of file)


Statistics:

  Queries sent:         2000000
  Queries completed:    2000000 (100.00%)
  Queries lost:         0 (0.00%)

  Response codes:       NOERROR 2000000 (100.00%)
  Average packet size:  request 40, response 56
  Run time (s):         57.259162
  Queries per second:   34928.907971

  Average Latency (s):  0.002801 (min 0.000094, max 0.007734)
  Latency StdDev (s):   0.000313


For demonstration purposes, we’re utilizing the 127.0.0.1 loopback address as the target DNS server. You would need to replace the loopback address with the address of the actual DNS server.
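To turn a report like the one above into a repeatable pass/fail check before a server goes into production, here is an added example (not from the original article or the dnsperf project) that parses the Statistics block with awk. The function names and thresholds are hypothetical, and the embedded sample is the report shown above.

```shell
# Added example: summarise a dnsperf "Statistics:" block and gate on it.
# sample_report reproduces the statistics from the run shown in the article.
sample_report() {
cat <<'EOF'
Statistics:

  Queries sent:         2000000
  Queries completed:    2000000 (100.00%)
  Queries lost:         0 (0.00%)

  Response codes:       NOERROR 2000000 (100.00%)
  Average packet size:  request 40, response 56
  Run time (s):         57.259162
  Queries per second:   34928.907971

  Average Latency (s):  0.002801 (min 0.000094, max 0.007734)
  Latency StdDev (s):   0.000313
EOF
}

# dnsperf_summary: read dnsperf output on stdin and print
# "sent lost qps avg_latency_s" (qps rounded to a whole number).
dnsperf_summary() {
    awk -F': *' '
        /Queries sent:/       { sent = $2 + 0 }
        /Queries lost:/       { lost = $2 + 0 }
        /Queries per second:/ { qps  = $2 + 0 }
        /Average Latency/     { lat  = $2 + 0 }
        END { printf "%d %d %.0f %.6f\n", sent, lost, qps, lat }
    '
}

# dnsperf_gate MIN_QPS MAX_LOSS_PCT: exit 0 only if the report on stdin
# meets both operator-chosen thresholds. An empty or truncated report
# (zero queries sent) counts as 100% loss and therefore fails.
dnsperf_gate() {
    dnsperf_summary | awk -v min_qps="$1" -v max_loss="$2" '
        { loss_pct = ($1 > 0) ? 100 * $2 / $1 : 100
          exit !(($3 >= min_qps) && (loss_pct <= max_loss)) }'
}

# Usage against a server you manage (thresholds are examples):
#   dnsperf -s 127.0.0.1 -d test-list.txt | dnsperf_gate 30000 0.1
```

Tracking lost queries alongside queries per second matters because a server that starts dropping or rate limiting requests can still report a high QPS figure for the queries it did answer.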

WARNING: Do not run large dnsperf query loads against production DNS servers/services that are not managed by you. If the DNS server/service is not configured to rate limit the number of queries per client, you could cause a denial of service against the target DNS server/service. Or, if you run it against your ISP's DNS servers or Google's DNS servers, they might block your IP address, since they’ll detect your test as a denial of service attempt.

So, that's pretty much it. Using dnsperf is a great way to learn the behavior of your DNS server/service before it goes into production, and you can rest a little bit easier knowing it can help you with your project.
