I am relatively new to setting up a DNS server and here is
what I would like to accomplish. I have a bunch of distributed Linux servers
doing some deep packet inspection. Based on the results of the inspection my
application would issue a http REST to a variety of other Linux boxes. The plan
would be to route these REST messages to the right destination using DNS. Messages
destined to ‘BOB’ would go to a specific IP per normal ops.
We would have a private DNS server(s) set up geo-dispersed.
Authoritative and use POSTGRES as a backend. I do not foresee needing 1M A records
but you never know! They would be static and could have a very long TTL. What I
like about the DNS option is that all routing of messages can be handled by the
‘middle’ DNS layer which in PowerDNS is nice and configurable on the fly if you
need to add new destinations. It would go something like this:
That way the DPI box never has to get touched once deployed. All
network growth and new destinations are handled at the DNS layer.
I realize this is like asking how cold is it outside…..but
what type of performance could be obtained for various server core/memory/A record count sizes? I
have seen many tables/claims of 10,000 QPS on a moderate box, but what is
realistic to go up to? Memory is cheap and can be added to ensure once it is
cached in memory and not pulled from POSTGRES things would go quicker but I
have no idea if 20,000 QPS is reasonable 50,000 etc! Any wisdom from the
smarter folks appreciated.
On Wed, May 04, 2016 at 07:35:15PM -0400, Bud Asterisk wrote:
> I realize this is like asking how cold is it outside…..but what type of
> performance could be obtained for various server core/memory/A record
> count sizes? I have seen many tables/claims of 10,000 QPS on a moderate
> box, but what is realistic to go up to? Memory is cheap and can be added to
> ensure once it is cached in memory and not pulled from POSTGRES things
> would go quicker but I have no idea if 20,000 QPS is reasonable 50,000 etc!
> Any wisdom from the smarter folks appreciated.
It is indeed a bit like asking how cold it is outside. But we do have some
help. For example, pdnssec or "pdnsutil bench-db file" will help you stress out
your backend, uncached, with queries you put in file.
This delivers how many milliseconds or microseconds each backend query
takes. You can also run several copies of bench-db in parallel to figure out
how your backend reacts to parallelism.
You should then ask yourself what your cache miss rate is going to be, and
calculate what the effective cached performance would be.
Actual backend performance is impacted heavily by hardware, virtualization,
virtualization type etc, so you should really run the numbers yourself.
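As an added illustration of the last two steps of the reply (not code from the thread or from PowerDNS), the snippet below takes per-query backend latencies as bench-db would report them, derives uncached backend capacity at a given parallelism, and then estimates effective throughput for an assumed cache miss rate. The latency values are constructed, and the serial-cost model (each query pays a fixed cache-hit cost plus, on a miss, one backend lookup) is an assumption, not a PowerDNS formula.

```python
from statistics import mean

# Constructed sample: microseconds per uncached backend query, the kind of
# figure "pdnsutil bench-db file" reports; two slow outliers are included
# deliberately so the mean is not flattered by the fast queries.
SAMPLE_BACKEND_US = [180, 210, 195, 240, 900, 205, 190, 1800, 220, 215]


def backend_capacity_qps(latencies_us, parallel_workers, scaling=1.0):
    """Uncached queries/second the backend sustains.

    parallel_workers: copies of bench-db run side by side.
    scaling: measured efficiency of that parallelism, in (0, 1];
             1.0 means the backend scaled linearly, lower means it did not.
    """
    if not 0 < scaling <= 1:
        raise ValueError("scaling must be in (0, 1]")
    per_query_s = mean(latencies_us) / 1e6
    return parallel_workers * scaling / per_query_s


def effective_qps(backend_qps, miss_rate, cache_hit_qps):
    """Throughput once the cache absorbs (1 - miss_rate) of the queries.

    Assumed model: every query costs 1/cache_hit_qps (the server's own
    cached answer rate) and a miss additionally costs one backend lookup.
    """
    if not 0 <= miss_rate <= 1:
        raise ValueError("miss_rate must be in [0, 1]")
    per_query_s = 1 / cache_hit_qps + miss_rate / backend_qps
    return 1 / per_query_s


def max_miss_rate_for(target_qps, backend_qps, cache_hit_qps):
    """Highest cache miss rate that still meets target_qps under the same
    model, capped at 1.0; None if even a 100% hit rate cannot reach it."""
    if target_qps > cache_hit_qps:
        return None
    # Solve 1/target = 1/cache_hit + miss/backend for miss.
    miss = backend_qps * (1 / target_qps - 1 / cache_hit_qps)
    return min(miss, 1.0)


if __name__ == "__main__":
    backend = backend_capacity_qps(SAMPLE_BACKEND_US, parallel_workers=8, scaling=0.8)
    print(f"backend, 8 workers at 80% scaling: {backend:.0f} q/s uncached")
    for miss in (0.01, 0.05, 0.20):
        print(f"miss rate {miss:.0%}: ~{effective_qps(backend, miss, 50_000):.0f} q/s")
    print("max miss rate for 20k q/s:", max_miss_rate_for(20_000, backend, 50_000))
```

Replace SAMPLE_BACKEND_US with the latencies from your own bench-db runs and the cache-hit rate with what your server reaches on an all-cached test; the miss-rate figure is the one the reply tells you to reason about.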