[Dnsmasq-discuss] dnsmasq performance as dns forwarder in larger environments

Simon Kelley simon at thekelleys.org.uk
Mon Jul 16 18:02:48 BST 2012


On 16/07/12 17:32, Thorsten Peter wrote:
> Hey folks,
>
> we are planning to test dnsmasq as a dns forwarder only, no dhcp and no
> caching involved. Caching might play a role later though.
> We are talking an internal, private network consisting of ~ 200 servers
> (Apache/JBoss mainly). Plan would be to use 4 servers as dnsmasq
> forwarders, to our upstream servers and to serve all other internal servers
> with DNS responses. We are talking about a platform that has about 130
> Million hits per day, so we are talking maybe peaks of 1000-1500 dns
> queries that would hit dnsmasq ...
>
> Is anyone here using an installation with dnsmasq of this size and that
> load? I'd be glad if you guys could give me some thoughts on this ...
>

I don't have data on any installation that big. Can I ask you to please
report back here on your results? It would be good to know.

I can give you some tuning advice: edit src/config.h and recompile. The 
variables of interest would be

FTABSIZ - simultaneous queries - probably up this from 150 to your 1500 
number.

FORWARD_TEST - try all available servers every n queries. Again, bumping 
this by an order of magnitude or more would make sense.


If your network is private enough that you don't need to worry about 
cache poisoning attacks and/or you are not using caching, then setting 
--query-port=0 will save a lot of syscalls in each forwarding cycle 
because dnsmasq won't need to create and bind a new socket for each one.

Cheers,

Simon.
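
Added example (not part of the message above and not dnsmasq code): a small Python check that reads dnsmasq.conf-style text and reports how a query-port setting combines with caching, the trade-off the reply describes. The option names query-port and cache-size are dnsmasq's; the function names, the ok/note/warn labels and the sample configs are constructed for illustration.

```python
# Added example (not dnsmasq code). All sample configs are constructed.
DEFAULT_CACHE_SIZE = 150  # dnsmasq's cache size when cache-size is not set


def parse_conf(text):
    """Parse dnsmasq.conf-style text into {option: value}.

    Simplifications (assumptions of this example): only whole-line '#'
    comments are recognised, and a repeated option keeps its last value.
    """
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip()
    return opts


def audit_query_port(text):
    """Return (level, reason) for the query-port / caching combination."""
    opts = parse_conf(text)
    caching = int(opts.get("cache-size", DEFAULT_CACHE_SIZE)) > 0
    if "query-port" not in opts:
        return ("ok", "random source port per forwarded query")
    port = int(opts["query-port"])
    mode = "one OS-assigned port" if port == 0 else "fixed port %d" % port
    if caching:
        return ("warn", mode + " with caching on: an accepted spoofed reply "
                "gets cached, so this relies on the network being private")
    return ("note", mode + " with caching off: spoofed replies are not "
            "cached, but can still reach the client that asked")


FORWARD_ONLY = """\
# constructed: forward-only setup as described in the thread
server=192.0.2.53
cache-size=0
query-port=0
"""
CACHING = "server=192.0.2.53\nquery-port=0\n"      # constructed, default cache
DEFAULT = "server=192.0.2.53\ncache-size=1000\n"   # constructed, random ports

if __name__ == "__main__":
    for name, conf in (("forward-only", FORWARD_ONLY),
                       ("caching", CACHING), ("default", DEFAULT)):
        print(name, audit_query_port(conf))
```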




