[178151] in North American Network Operators' Group
Re: OT - Small DNS "appliances" for remote offices.
daemon@ATHENA.MIT.EDU (Mel Beckman)
Wed Feb 18 10:42:43 2015
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Rob Seastrom <rs@seastrom.com>
Date: Wed, 18 Feb 2015 15:42:38 +0000
In-Reply-To: <86r3tn6y8f.fsf@valhalla.seastrom.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
We use Mac Minis; $500 each anywhere plus $25 (!) for all the server compon=
ents, dead silent, and ready to go with Bind installed out of the box. You =
can also enable dhcpd and all manner of other stock BSD services. There are=
"helper" GUI tools for the non-CLI admin built into the Server toolkit. Wa=
y fast, extremely secure, and IPv6 ready.=20
http://arstechnica.com/apple/2014/11/a-power-users-guide-to-os-x-server-yos=
emite-edition/11/
Yes, this hardware costs a bit more than the mini box Pcs,mbut you make up =
for that in reduced setup labor.=20
-mel beckman
> On Feb 18, 2015, at 7:22 AM, "Rob Seastrom" <rs@seastrom.com> wrote:
>=20
>=20
> Peter Kristolaitis <alter3d@alter3d.ca> writes:
>=20
>> Not "industrial grade", but Raspberry Pis are pretty great for this
>> kind of low-horsepower application. Throw 2 at each site for
>> redundancy and you have a low-powered, physically small, cheap, dead
>> silent, easily replaceable system for ~$150 per site.
>=20
> The Pi is low-powered in more ways than one. Last fall I ran some
> (admittedly fairly simple minded) DNS benchmarks against a Raspberry
> Pi Model B and an ODROID U3.
>=20
> Particularly if you have DNSSEC validation enabled, the Pi is
> underwhelming in performance (81 qps in the validation case, 164
> without).
>=20
> The U3 is circa 325 qps with or without DNSSEC validation on, which
> suggests that something else other than crypto-computes is the long
> pole in the tent.
>=20
> I haven't gotten motivated to try this against the ODROID-C1 that I
> acquired later in December, nor have I sourced a Raspberry Pi 2. For
> anyone who's feeling motivated to do this (please send along
> results!), the methodology I used is at http://technotes.seastrom.com/nod=
e/53
>=20
> -r
>=20
> PS: don't miss the opportunity to run real honest-to-god isc-dhcpd on
> same machine rather than whatever your router provides you; you'll be
> glad you did.
>=20
