[178175] in North American Network Operators' Group
Re: OT - Small DNS "appliances" for remote offices.
daemon@ATHENA.MIT.EDU (William Herrin)
Wed Feb 18 21:38:08 2015
X-Original-To: nanog@nanog.org
X-Really-To: <nanog@nanog.org>
In-Reply-To: <86r3tn6y8f.fsf@valhalla.seastrom.com>
From: William Herrin <bill@herrin.us>
Date: Wed, 18 Feb 2015 21:37:37 -0500
To: Rob Seastrom <rs@seastrom.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Wed, Feb 18, 2015 at 10:22 AM, Rob Seastrom <rs@seastrom.com> wrote:
> The Pi is low-powered in more ways than one. Last fall I ran some
> (admittedly fairly simple minded) DNS benchmarks against a Raspberry
> Pi Model B and an ODROID U3.
>
> Particularly if you have DNSSEC validation enabled, the Pi is
> underwhelming in performance (81 qps in the validation case, 164
> without).
>
> The U3 is circa 325 qps with or without DNSSEC validation on, which
> suggests that something else other than crypto-computes is the long
> pole in the tent.
Hi Rob,
Interesting. The odroid has a 1700 mhz processor, the pi a 700 mhz
processor. Except for the validation anomaly your results are
self-consistent.
> Caveats: This is just returning NXDOMAIN against a TLD for which
> (after the first run) there is already cached information that the TLD
> is bogus, so this test doesn't involve traffic actually leaving the box.
Given your testing methodology, the difference between validating and
non-validating makes no sense to me. Once the records are cached bind
should only be passing a flag around? Weird.
On Wed, Feb 18, 2015 at 6:44 PM, Peter Loron <peterl@standingwave.org> wrote:
> For any site where you would use a Pi as the DNS cache, it won't be an
> issue. DNS isn't that heavy at those query rates.
Yes and no. DNS is a lynchpin service. All connections stall until the
DNS provides an IP address. So you kinda want low latency in your DNS
lookups. If a fast server three hops away can respond faster than a
slow server on the same LAN, the server three hops away is a better
choice.
A point in favor of the Raspberry Pi -- there's a heckuva lot of
accessories already built for it. Including various cases and even a
few different rackmount cases. And a wealth of "how do you do it?" and
"why did it do this?" information available with just a few google
search terms. The communities supporting the other hardware options
are not nearly so large.
Regards,
Bill Herrin
--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
