Presentation is loading. Please wait.

Presentation is loading. Please wait.

draft-zhang-dnsext-test-result-00

Published byAnatol Kot Modified over 5 years ago

Similar presentations

Presentation on theme: "draft-zhang-dnsext-test-result-00"— Presentation transcript:

1 draft-zhang-dnsext-test-result-00
DNS Test Result draft-zhang-dnsext-test-result-00 Zhang Juan, Li Lianyuan IETF 83

2 Introduction In the test, performances of recursive DNS with DNSSec enabled under different circumstances are listed. DNSSec is enabled in the recursive DNS in the following cases Case 1, all queries generated by the simulator are DNS queries without authentication request Case 2, tests on recursive DNS with DNSSec and sortlist enabled is done. That is all queries are still DNS queries without authentication request. However, recursive DNS need to sort the records in special order for every query. records in specific IP address segment can be sorted in front of the others. Finally, all queries are based on DNSSec and all the signature part records are authenticated by the recursive server.

3 Test layout The test simulated a complete recursive request-response procedure in a closed network. All the servers are assembled with 2 Intel CPUs with 8 core in each other and 8GB RAM. And DNS software is BIND p1. Two data models are simulated 75% and 80% shooting average in the cache of recursive DNS. Avalanche 3100

4 More details on test layout
Avalanche 3100 is used as request generator, which can simulate many clients with different IP addresses with each other. In the test, the Sortlist function of Bind is used to sort records for every query. In the test, Dnssec-keygen of Bind is used to generate the keys, and the algorithm is RSASHA1. The size of ZSK is 1024bit, and the KSK is 2048bit.

5 Test Results Table 1: Performance Test Results Of Recursive DNS with hit ratio of 80% QPS Numerical percentage of CPU utilization QPS under 30%CPU Utilization 12000QPS 10000QPS 8000QPS 6000QPS DNS 21.6% 17.6% 14.1% 10.6% 19800 Sortlist(200) 24.7% 19.5% 16.8% 12.3% 19300 DNSSEC 36.2% 30.6% 24.3% 18.1% 9800 Table 2: Performance Test Results Of Recursive DNS with hit ratio of 75% QPS Numerical percentage of CPU utilization QPS under 30%CPU Utilization 12000QPS 10000QPS 8000QPS 6000QPS DNS 20.3% 17.2% 13.9% 10.5% 18000 Sortlist(200) 23.2% 19.1% 15.8% 11.7% 17400 DNSSEC 46.9% 37.6% 29.5% 22.2% 8200 If some strategy like sortlist is enabled, the performance of recursive DNS almost doesn’t change. While if DNSSec is enabled, the performance of recursive DNS will be greatly influenced, which can be reduced about 50%.

6 Suggestion and Next Step
More attention should be paid on the performance of DNS when DNSSec is enabled. Next Step More tests on this subject will be done Various size of keys will be tested

Download ppt "draft-zhang-dnsext-test-result-00"

Similar presentations

DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.

DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.
DNSSEC & Email Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.

DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)
1 Secure DNS Solutions Rooster. 2 Introduction What does security mean for DNS? What security problems exist for DNS, what is being done about them, and.

1 Secure DNS Solutions Rooster. 2 Introduction What does security mean for DNS? What security problems exist for DNS, what is being done about them, and.
Introduction to DNSSEC AROC Bamako, Mali, 2010. What is DNSSEC?

Introduction to DNSSEC AROC Bamako, Mali, What is DNSSEC?
Tyre Kicking the DNS Testing Transport Considerations of Rolling Roots Geoff Huston APNIC.

Tyre Kicking the DNS Testing Transport Considerations of Rolling Roots Geoff Huston APNIC.
8.4 paging Paging is a memory-management scheme that permits the physical address space of a process to be non-contiguous. The basic method for implementation.

8.4 paging Paging is a memory-management scheme that permits the physical address space of a process to be non-contiguous. The basic method for implementation.
Krit Witwiyaruj Thai Name Server Co., Ltd.th DNSSEC Implementation.

Krit Witwiyaruj Thai Name Server Co., Ltd.th DNSSEC Implementation.
Towards a Billion Routing Lookups per Second in Software  Author: Marko Zec, Luigi, Rizzo Miljenko Mikuc  Publisher: SIGCOMM Computer Communication Review,

Towards a Billion Routing Lookups per Second in Software  Author: Marko Zec, Luigi, Rizzo Miljenko Mikuc  Publisher: SIGCOMM Computer Communication Review,
How to use DNS during the evolution of ICN? Zhiwei Yan.

How to use DNS during the evolution of ICN? Zhiwei Yan.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)
* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.

* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.
DNS Session 5 Additional Topics Joe Abley AfNOG 2006, Nairobi, Kenya.

DNS Session 5 Additional Topics Joe Abley AfNOG 2006, Nairobi, Kenya.
Ch 6: DNSSEC and Beyond Updated 4-28-15. DNSSEC Objectives of DNSSEC Data origin authentication – Assurance that the requested data came from the genuine.

Ch 6: DNSSEC and Beyond Updated DNSSEC Objectives of DNSSEC Data origin authentication – Assurance that the requested data came from the genuine.
Using Digital Signature with DNS. DNS structure Virtually every application uses the Domain Name System (DNS). DNS database maps: –Name to IP address.

Using Digital Signature with DNS. DNS structure Virtually every application uses the Domain Name System (DNS). DNS database maps: –Name to IP address.
Domain Name System: DNS To identify an entity, TCP/IP protocols use the IP address, which uniquely identifies the Connection of a host to the Internet.

Domain Name System: DNS To identify an entity, TCP/IP protocols use the IP address, which uniquely identifies the Connection of a host to the Internet.
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH - 2009.

PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
Increasing the Zone Signing Key Size for the Root Zone

Increasing the Zone Signing Key Size for the Root Zone
High performance recursive DNS solution

High performance recursive DNS solution
Geoff Huston Chief Scientist, APNIC

Geoff Huston Chief Scientist, APNIC

Similar presentations

Ads by Google