[Dnsmasq-discuss] dnsmasq performance as dns forwarder in larger environments

Thorsten Peter thorsten.peter at gmail.com
Mon Jul 16 18:37:42 BST 2012


Hey Simon,

thanks for your quick reply. This doesn't sound as if many people would use
dnsmasq in larger environments, does it? I don't think we can really
afford to play around with this too much. My idea was to use something
more lightweight than bind, since from a featureset point of view, bind
would be really way too big for our purpose, since we basically need
forwarding servers only. Additionally, we need something that can be
installed and auto updated from the RHEL repos, so playing around with
the source isn't really a good option either ...

Anyway, will post here if we decide to go with dnsmasq.

Take care,

Thorsten

On 16.7.2012 19:02, Simon Kelley wrote:
> On 16/07/12 17:32, Thorsten Peter wrote:
>> Hey folks,
>>
>> we are planning to test dnsmasq as a dns forwarder only, no dhcp and no
>> caching involved. Caching might play a role later though.
>> We are talking an internal, private network consisting of ~ 200 servers
>> (Apache/JBoss mainly). Plan would be to use 4 servers as dnsmasq
>> forwarders, to our upstream servers and to serve all other internal
>> servers with DNS responses. We are talking about a platform that has
>> about 130 Million hits per day, so we are talking maybe peaks of
>> 1000-1500 dns queries that would hit dnsmasq ...
>>
>> Is anyone here using an installation with dnsmasq of this size and that
>> load? I'd be glad if you guys could give me some thoughts on this ...
>>
>
> I don't have data on any installation that big, can I ask please to
> report back here on your results? It would be good to know.
>
> I can give you some tuning advice: edit src/config.h and recompile.
> The variables of interest would be
>
> FTABSIZ - simultaneous queries - probably up this from 150 to your
> 1500 number.
>
> FORWARD_TEST - try all available servers every n queries. Again,
> bumping this by an order of magnitude or more would make sense.
>
>
> If your network is private enough that you don't need to worry about
> cache poisoning attacks and/or you are not using caching, then setting
> --query-port=0 will save a lot of syscalls in each forwarding cycle
> because dnsmasq won't need to create and bind a new socket for each one.
>
> Cheers,
>
> Simon.
>
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
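
The trade-off described above for --query-port=0 can be checked from the upstream side of a forwarder. The following is an added example, not part of the original thread and not dnsmasq code: it parses constructed tcpdump-style lines (the addresses, host names and the 64512-port pool size are assumptions) and reports whether queries leave from one source port or many, with an upper bound on the bits an off-path spoofer would have to guess.

```python
import math
import re
from collections import Counter

# Constructed tcpdump-style lines: queries leaving a forwarder (10.0.0.5, assumed)
# for an upstream resolver (192.0.2.53, assumed). Not real capture data.
FIXED_PORT_CAPTURE = """\
IP 10.0.0.5.40123 > 192.0.2.53.53: 6699+ A? app1.example.internal. (39)
IP 10.0.0.5.40123 > 192.0.2.53.53: 40707+ A? app2.example.internal. (39)
IP 10.0.0.5.40123 > 192.0.2.53.53: 17424+ A? db1.example.internal. (38)
IP 10.0.0.5.40123 > 192.0.2.53.53: 51169+ A? app1.example.internal. (39)
"""
RANDOM_PORT_CAPTURE = """\
IP 10.0.0.5.51344 > 192.0.2.53.53: 6699+ A? app1.example.internal. (39)
IP 10.0.0.5.20977 > 192.0.2.53.53: 40707+ A? app2.example.internal. (39)
IP 10.0.0.5.63012 > 192.0.2.53.53: 17424+ A? db1.example.internal. (38)
IP 10.0.0.5.34561 > 192.0.2.53.53: 51169+ A? app1.example.internal. (39)
"""

TXID_BITS = 16  # width of the DNS header ID field
QUERY_RE = re.compile(r"^IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \S+\.53: \d+\+")


def audit_source_ports(capture, forwarder="10.0.0.5", port_pool=64512):
    """Report how many source ports a forwarder's upstream queries use.

    port_pool is an assumption (ports 1024-65535); the bit count for varying
    ports is an upper bound that presumes a uniform draw from that pool.
    """
    ports = Counter()
    for line in capture.splitlines():
        m = QUERY_RE.match(line)
        if m and m.group(1) == forwarder:
            ports[int(m.group(2))] += 1
    queries = sum(ports.values())
    if queries < 2:
        return {"verdict": "insufficient-data", "queries": queries}
    fixed = len(ports) == 1
    port_bits = 0.0 if fixed else math.log2(port_pool)
    return {
        "verdict": "fixed-port" if fixed else "varying-ports",
        "queries": queries,
        "distinct_ports": len(ports),  # roughly one bound socket per port
        "guess_space_bits": round(TXID_BITS + port_bits, 1),
    }


if __name__ == "__main__":
    for name, cap in (("fixed", FIXED_PORT_CAPTURE), ("random", RANDOM_PORT_CAPTURE)):
        print(name, audit_source_ports(cap))
```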




