Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
DNSPERF(1)			    Nominum			    DNSPERF(1)

       dnsperf - test the performance of a DNS server

       dnsperf [-a local_addr] [-b bufsize] [-c	clients] [-d datafile] [-D]
       [-e] [-f	family]	[-h] [-l limit]	[-n runs_through_file] [-p port]
       [-q num_queries]	[-Q max_qps] [-s server_addr] [-S stats_interval]
       [-t timeout] [-u] [-v] [-x local_port] [-y [alg:]name:secret]

       dnsperf is a DNS	server performance testing tool. It is	primarily  in-
       tended  for measuring the performance of	authoritative DNS servers, but
       it can also be used for	measuring  caching  server  performance	 in  a
       closed  laboratory  environment.	 For testing caching servers resolving
       against the live	Internet, the resperf program is preferred.

       It is recommended that dnsperf and the name server under	test be	run on
       separate	 machines,  so	that  the CPU usage of dnsperf itself does not
       slow down the name server. The two machines should be connected with  a
       fast  network, preferably a dedicated Gigabit Ethernet segment. Testing
       through a router	or firewall is not advisable.

   Configuring the name	server
       If using	dnsperf	to test	an authoritative server, the name server under
       test  should  be	 set up	to serve one or	more zones similar in size and
       number to what the server is expected to	serve in production.

       Also, be	sure to	turn off recursion in the server's  configuration  (in
       BIND 8/9, specify "recursion no;" in the	options	block).	In BIND	8, you
       should also specify "fetch-glue no;"; otherwise the server may  attempt
       to retrieve glue	information from the Internet during the test, slowing
       it down by an unpredictable factor.

   Constructing	a query	input file
       A dnsperf input file should  contain  a	large  and  realistic  set  of
       queries,	on the order of	ten thousand to	a million. The input file con-
       tains one line per query, consisting of a domain	name and  an  RR  type
       name separated by a space. The class of the query is implicitly IN.

       When  measuring	the performance	serving	non-terminal zones such	as the
       root zone or TLDs, note that such servers spend most of their time pro-
       viding  referral	responses, not authoritative answers. Therefore, a re-
       alistic input file might	consist	mostly of queries for type A for names
       *below*,	not at,	the delegations	present	in the zone. For example, when
       testing the performance of a server configured to be authoritative  for
       the top-level domain "fi.", which contains delegations for domains like
       "" and "", the input file could contain lines	like A A

       where the "www" prefix ensures that the server will respond with	a  re-
       ferral.	Ideally, a realistic proportion	of queries for nonexistent do-
       mains should be mixed in	with those for existing	ones, and the lines of
       the input file should be	in a random order.

   Constructing	a dynamic update input file
       To  test	dynamic	update performance, dnsperf is run with	the -u option,
       and the input file is constructed of blocks of lines describing dynamic
       update messages.	The first line in a block contains the zone name:

       Subsequent lines	contain	prerequisites, if there	are any. Prerequisites
       can specify that	a name may or may not exist, an	rrset may or  may  not
       exist, or an rrset exists and its rdata matches all specified rdata for
       that name and type. The keywords	"require" and "prohibit" are  followed
       by the appropriate information. All relative names are considered to be
       relative	to the zone name. The following	lines show the 5 types of pre-

	      require a
	      require a	A
	      require a	A
	      prohibit x
	      prohibit x A

       Subsequent  lines  contain  records to be added,	records	to be deleted,
       rrsets to be deleted, or	names to be deleted.  The  keywords  "add"  or
       "delete"	 are  followed	by  the	 appropriate information. All relative
       names are considered to be relative to the  zone	 name.	The  following
       lines show the 4	types of updates.

	      add x 3600 A
	      delete y A
	      delete z A
	      delete w

       Each update message is terminated by a line containing the command:


   Running the tests
       When  running  dnsperf,	a data file (the -d option) and	server (the -s
       option) will normally be	specified. The output  of  dnsperf  is	mostly
       self-explanatory.  Pay  attention  to the number	of dropped packets re-
       ported -	when running the test over a  local  Ethernet  connection,  it
       should be zero. If one or more packets has been dropped,	there may be a
       problem with the	network	connection. In that case, the  results	should
       be considered suspect and the test repeated.

       -a local_addr
	      Specifies	the local address from which to	send requests. The de-
	      fault is the wildcard address.

       -b bufsize
	      Sets the size of the socket's send and receive buffers, in kilo-
	      bytes. If	not specified, the operating system's default is used.

       -c clients
	      Act  as  multiple	clients. Requests are sent from	multiple sock-
	      ets. The default is to act as 1 client.

       -d datafile
	      Specifies	the input data file. If	not  specified,	 dnsperf  will
	      read from	standard input.

	      Sets  the	DO (DNSSEC OK) bit [RFC3225] in	all packets sent. This
	      also enables EDNS0, which	is required for	DNSSEC.

	      Enables EDNS0 [RFC2671], by adding an OPT	record to all  packets

       -f family
	      Specifies	 the  address family used for sending DNS packets. The
	      possible values are "inet", "inet6", or "any". If	"any" (the de-
	      fault  value)  is	 specified, dnsperf will use whichever address
	      family is	appropriate for	the server it is sending packets to.

	      Print a usage statement and exit.

       -l limit
	      Specifies	a time limit for the run, in seconds. This  may	 cause
	      the  input  to be	read multiple times, or	only some of the input
	      to be read. The default behavior is to read the input once,  and
	      have no specific time limit.

       -n runs_through_file
	      Run  through  the	input file at most this	many times. If no time
	      limit is set, the	file will  be  read  exactly  this  number  of
	      times; if	a time limit is	set, the file may be read fewer	times.

       -p port
	      Sets  the	 port on which the DNS packets are sent. If not	speci-
	      fied, the	standard DNS port (53) is used.

       -q num_queries
	      Sets the maximum number of outstanding requests. When this value
	      is reached, dnsperf will not send	any more requests until	either
	      responses	are received or	requests time out. The	default	 value
	      is 100.

       -Q max_qps
	      Limits  the  number  of requests per second. There is no default

       -s server_addr
	      Specifies	the name or address of the server  to  which  requests
	      will be sent.  The default is the	loopback address,

       -S stats_interval
	      If this parameter	is specified, a	count of the number of queries
	      per second  during  the  interval	 will  be  printed  out	 every
	      stats_interval seconds.

       -t timeout
	      Specifies	the request timeout value, in seconds. dnsperf will no
	      longer wait for a	response to a particular  request  after  this
	      many seconds have	elapsed. The default is	5 seconds.

	      Instructs	 dnsperf  to  send DNS dynamic update messages,	rather
	      than queries. The	format of the input file is different in  this
	      case; see	the "Constructing a dynamic update input file" section
	      for more details.

	      Enables verbose mode. The	DNS RCODE of each response will	be re-
	      ported to	standard output	when the response is received, as will
	      the latency. If a	query times out, it will be reported with  the
	      special  string "T" instead of a normal DNS RCODE. If a query is
	      interrupted, it will be reported with the	special	string "I".

       -x local_port
	      Specifies	the local port from which to send  requests.  The  de-
	      fault is the wildcard port (0).

	      If  acting  as  multiple	clients	and the	wildcard port is used,
	      each client will use a different random port. If a port is spec-
	      ified,  the  clients will	use a range of ports starting with the
	      specified	one.

       -y [alg:]name:secret
	      Add a TSIG record	[RFC2845] to all packets sent, using the spec-
	      ified  TSIG  key algorithm, name and secret, where the algorithm
	      defaults to hmac-md5 and the secret is expressed	as  a  base-64
	      encoded string.

       Nominum,	Inc.


Nominum				 Jan 10, 2012			    DNSPERF(1)


Want to link to this manual page? Use this URL:

home | help