Abstract

In this paper, we examine the performance of four authoritative DNS server implementations (BIND, NSD, Knot DNS, and YADIFA). In our tests, we apply the measurement procedure defined in Section 9 of RFC 8219. Our aim is threefold: to provide DNS operators with ready-to-use measurement results to support their selection of the best-fitting authoritative DNS server implementation for their needs, to assist researchers and DNS64 server developers in finding a suitable authoritative DNS server implementation for their DNS64 benchmarking measurements, and to advance the theory and practice of benchmarking DNS servers. We examine how different conditions, such as the number of active CPU cores, the size of the zone file, the applied timeout, and the type of the processor, influence the performance of the tested authoritative DNS server implementations. The performance of all four tested DNS servers scales up more or less well with the number of CPU cores, except for YADIFA. Increasing the size of the zone file causes significant degradation only in the performance of BIND, which shows different anomalies described in the paper. Changing the timeout from 250 ms (required by RFC 8219) to 100 ms usually causes only a small performance degradation. We point out that NSD and Knot DNS can achieve an order of magnitude higher performance than BIND and YADIFA.

Highlights

  • DNS (Domain Name System) is an integral part of all commonly used Internet services, but it remains inconspicuous when everything runs smoothly

  • We examine the performance of four authoritative DNS server implementations (BIND, NSD, Knot DNS, and YADIFA) under different conditions, including zone files of various sizes and different numbers of CPU cores

  • When the given authoritative DNS implementation is intended to be used to support DNS64 benchmarking, the 1st percentile should be taken into consideration, so that insufficient performance of the authoritative DNS server does not impact the DNS64 measurement results


Summary

Introduction

DNS (Domain Name System) is an integral part of all commonly used Internet services, but it remains inconspicuous when everything runs smoothly. Although the performance of different authoritative DNS server implementations is an important issue, it still lacks a standard benchmarking methodology. Whereas BIND is considered the de facto industry standard DNS server, and it was the most widely used one in 2004 [1], some other DNS implementations (e.g. NSD or Knot DNS) can provide multiple times higher authoritative DNS server performance than BIND. For a DNS server operator, higher performance results in lower costs considering both CAPEX (Capital Expenditures, here: the price of the hardware) and OPEX (Operating Expenditure, here: the computing power requirement and the electricity bill). High performance can be a kind of mitigation against DoS (Denial of Service) attacks [2].
