[Dnsmasq-discuss] Speed comparison dnsmasq <-> unbound?

Dave Taht dave.taht at gmail.com
Sun Feb 16 17:48:57 UTC 2014


On Sun, Feb 16, 2014 at 9:06 AM, /dev/rob0 <rob0 at gmx.co.uk> wrote:
> On Sun, Feb 16, 2014 at 07:38:37AM +0100, Oliver Rath wrote:
>> Did somebody do some speed comparison tests for the DNS caching
>> functionality between dnsmasq and unbound (http://unbound.net/)?
>
> Compare apples to apples. You're not doing that.
>
> Dnsmasq is a DNS forwarder. Unbound is a DNS resolver. Unbound
> actually does the work of accepting recursive queries and then
> performing the iterative queries to find the answer.

To be mildly more clear, dnsmasq is a caching forwarder
(although I just discovered caching is turned off in Ubuntu's implementation).

While not a recursing resolver, it can be configured as a primary DNS server
for a small set of (sub)domains easily.

The fact that it caches, however, is very important.

> Dnsmasq simply hands off these queries to a backend resolver, such as
> BIND named or unbound. Accordingly, I'd expect dnsmasq to be faster,
> but noting that the comparison is meaningless.
>
>> I've read that unbound is the fastest DNS caching server including
>> DNSSEC support, but I could imagine that dnsmasq has the same
>> speed (or better).
>
> I've read a lot of things on the Internet. Some of them might have
> been true. Unqualified claims of "speed" are usually bogus. Such
> claims are especially difficult to establish in the realm of DNS,
> because your apparent speed is largely dependent upon random third
> parties' servers and the speed of their Internet connections.
>
> Do you have a link to these speed studies? I'd like to see them.
>
>> Unbound is the new standard dns caching server in FreeBSD 10 and
>> replaces bind.
>
> IIUC that's only partly true. BIND is a complete DNS implementation,
> whereas unbound is only a caching resolver. Those who are serving
> authoritative DNS to the world also need an authoritative DNS server
> such as BIND named or NLNetLabs' NSD.
>
> Note, best practice usually demands separation of authoritative DNS
> service from recursive service. Unbound/NSD were begun with this
> understanding, whereas BIND has roots going back to the very
> beginnings of DNS.
>
> (The fact that named can do it all in one notwithstanding, this is
> not what ISC recommends. But it is a convenience for some small,
> internal-only sites, where that might override security concerns.)
>
>> Just for interest.
> --
>   http://rob0.nodns4.us/
>   Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
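
The forwarder/resolver distinction discussed in this thread is visible on the wire in the RD ("recursion desired") header bit: a stub client or a forwarder asks its upstream with RD set, while a recursive resolver normally clears RD on the iterative queries it sends to authoritative servers. The following is an added example, not part of the original thread; the function names and the `example.com` sample are constructed for illustration.

```python
import struct

RD_FLAG = 0x0100  # "recursion desired" bit in the header flags (RFC 1035)
QR_FLAG = 0x8000  # set on responses, clear on queries


def build_query(name, qtype=1, rd=True, txid=0x1234):
    """Encode a single-question DNS query (qtype 1 = A, class IN)."""
    flags = RD_FLAG if rd else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = [part for part in name.split(".") if part]
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_query(packet):
    """Decode header and question of an uncompressed single-question query."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & QR_FLAG or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("compression pointer or bad label length")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return {"id": txid, "rd": bool(flags & RD_FLAG),
            "name": ".".join(labels), "qtype": qtype}


def query_kind(packet):
    """'recursive': answer expected in full; 'iterative': referral is fine."""
    return "recursive" if parse_query(packet)["rd"] else "iterative"


if __name__ == "__main__":
    # Constructed samples: what a forwarder relays vs. what a resolver emits.
    print(query_kind(build_query("example.com", rd=True)))
    print(query_kind(build_query("example.com", rd=False)))
```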


