[Dnsmasq-discuss] dnsmasq performance as dns forwarder in larger environments
simon at thekelleys.org.uk
Mon Jul 16 18:02:48 BST 2012
On 16/07/12 17:32, Thorsten Peter wrote:
> Hey folks,
> we are planning to test dnsmasq as a dns forwarder only, no dhcp and no
> caching involved. Caching might play a role later though.
> We are talking an internal, private network consisting of ~ 200 servers
> (Apache/JBoss mainly). Plan would be to use 4 servers as dnsmasq
> forwarders, to our upstream servers and to serve all other internal servers
> with DNS responses. We are talking about a platform that has about 130
> Million hits per day, so we are talking maybe peaks of 1000-1500 dns
> queries that would hit dnsmasq ...
> Is anyone here using an installation with dnsmasq of this size and that
> load? I'd be glad if you guys could give me some thoughts on this ...
I don't have data on any installation that big, can I ask you please to
report back here on your results? It would be good to know.
I can give you some tuning advice: edit src/config.h and recompile. The
variables of interest would be
FTABSIZ - simultaneous queries - probably up this from 150 to your 1500
FORWARD_TEST - try all available servers every n queries. Again, bumping
this by an order of magnitude or more would make sense.
If your network is private enough that you don't need to worry about
cache poisoning attacks and/or you are not using caching, then setting
--query-port=0 will save a lot of syscalls in each forwarding cycle
because dnsmasq won't need to create and bind a new socket for each one.
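
The --query-port trade-off described above, as an added example that is not part of the original post and not dnsmasq's own code: a simplified model that counts the socket syscalls issued per forwarded query, and the number of distinct source ports an off-path spoofer would have to guess, with one socket per query versus a single OS-assigned port. The names `forward` and `struct cost`, the upstream address 127.0.0.1:5353 and the use of `rand()` in place of a proper random generator are assumptions made for illustration.

```c
/* Simplified model of a forwarding cycle; added example, not dnsmasq source. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

struct cost { long syscalls; int distinct_ports; };

static struct sockaddr_in addr4(uint32_t ip, uint16_t port) {
    struct sockaddr_in a = {0};
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(ip);
    a.sin_port = htons(port);
    return a;
}

/* Bind fd to a local UDP port (0 = let the OS choose one). */
static int bind_port(int fd, uint16_t port) {
    struct sockaddr_in a = addr4(INADDR_ANY, port);
    return bind(fd, (struct sockaddr *)&a, sizeof a);
}

/* Forward n constructed 12-byte queries to an assumed upstream, 127.0.0.1:5353.
   single_socket != 0 models --query-port=0; 0 models a fresh random port per query. */
struct cost forward(int n, int single_socket) {
    unsigned char seen[65536] = {0};          /* source ports used so far */
    struct cost c = {0, 0};
    unsigned char query[12] = {0};            /* header-sized placeholder payload */
    struct sockaddr_in up = addr4(INADDR_LOOPBACK, 5353);
    int fd = -1;
    for (int i = 0; i < n; i++) {
        if (!single_socket || i == 0) {       /* new socket per query, or only once */
            uint16_t p;
            fd = socket(AF_INET, SOCK_DGRAM, 0);
            c.syscalls++;
            do {                              /* rand() stands in for a CSPRNG */
                p = single_socket ? 0 : (uint16_t)(1024 + rand() % 64512);
                c.syscalls++;                 /* one bind() attempt */
            } while (bind_port(fd, p) != 0 && errno == EADDRINUSE);
            if (!seen[p]) { seen[p] = 1; c.distinct_ports++; }
        }
        (void)sendto(fd, query, sizeof query, 0, (struct sockaddr *)&up, sizeof up);
        c.syscalls++;                         /* delivery result is irrelevant here */
        if (!single_socket || i == n - 1) { close(fd); c.syscalls++; }
    }
    return c;
}
```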