Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Performance tuning

33 views
Skip to first unread message

Adamiec, Lawrence

unread,
Nov 26, 2012, 12:01:42 PM11/26/12
to bind-...@lists.isc.org
Hi,

I have been tasked with authoring a DNS report "to achieve optimal performance."  The report must include:

CPU usage
memory usage
bandwidth usage
throughput
latency

I have found some information regarding the number of queries processed per minute but nothing of value for the above areas.

Is there some documentation that discusses the above areas?

We are running BIND 9.6-ESV-R5-P1, Solaris 10 on a SPARC server.  My report will include the fact we must upgrade from BIND 9.6-ESV-R5-P1

Thank you in advance.

Larry

Lawrence Adamiec
UNIX Mgr
IIT Chicago-Kent College of Law



Doug Barton

unread,
Nov 26, 2012, 12:39:25 PM11/26/12
to Adamiec, Lawrence, bind-...@lists.isc.org
What a delightfully vague requirement. :)

I would push back a bit on exactly what problems are attempted to be
solved here. The BIND defaults are about as efficient as they can be,
especially so in later versions.

Doug

Adamiec, Lawrence

unread,
Nov 26, 2012, 1:12:48 PM11/26/12
to bind-...@lists.isc.org
To the best of my knowledge, there are no problems with our DNS.  We only host 25 domains.

The report must also address these two specific questions:

  1. Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in any browser?
  2. What happens if we remove the forwarders option from named.conf?
I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2.

Larry

Lightner, Jeff

unread,
Nov 26, 2012, 1:23:46 PM11/26/12
to Adamiec, Lawrence, bind-...@lists.isc.org

For question 1:

“Loading” is a function of the web site not DNS.  Your first question could have to do what the default site is in your web configuration and what kind of rewrite rules are getting you to the other.

 

If it were me I’d probably do some timed “host” or “dig” commands for the two records to verify name resolution itself wasn’t a problem.  

 

I guess it MIGHT be a minutely slower to resolve www if it is a CNAME to the other as opposed to both being A records.   However, since this is a fairly common practice I doubt it is likely to be of major importance in overall timing.

 

 

 

 

Athena®, Created for the Cause

Making a Difference in the Fight Against Breast Cancer

 

 

How and Why I Should Support Bottled Water!
Do not relinquish your right to choose bottled water as a healthy alternative to beverages that contain sugar, calories, etc. Your support of bottled water will make a difference! Your signatures count! Go to http://www.bottledwatermatters.org/luv-bottledwater-iframe/dswaters and sign a petition to support your right to always choose bottled water. Help fight federal and state issues, such as bottle deposits (or taxes) and organizations that want to ban the sale of bottled water. Support community curbside recycling programs. Support bottled water as a healthy way to maintain proper hydration. Our goal is 50,000 signatures. Share this petition with your friends and family today!

 

---------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------

 

Sten Carlsen

unread,
Nov 26, 2012, 1:28:23 PM11/26/12
to bind-...@lists.isc.org

On 26/11/12 19:12, Adamiec, Lawrence wrote:
To the best of my knowledge, there are no problems with our DNS.  We only host 25 domains.

The report must also address these two specific questions:

  1. Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in any browser?
  2. What happens if we remove the forwarders option from named.conf?
I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2.
In my browser the speeds are opposite, in both cases the key time is spent waiting for the web server.

Case 2: if your DNS server has access to the internet, you will likely see an increase in speed. There are some test suites to test the general lookup speeds of servers, try with and without forwarders. I guess your numbers are better without but nobody will notice any difference in real life. In some cases there are some blocking of specific sites in place, those you will lose with no forwarder.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

-- 
Best regards

Sten Carlsen

No improvements come from shouting:
       "MALE BOVINE MANURE!!!"

Sten Carlsen

unread,
Nov 26, 2012, 1:32:12 PM11/26/12
to bind-...@lists.isc.org

On 26/11/12 19:23, Lightner, Jeff wrote:

For question 1:

“Loading” is a function of the web site not DNS.  Your first question could have to do what the default site is in your web configuration and what kind of rewrite rules are getting you to the other.

 

If it were me I’d probably do some timed “host” or “dig” commands for the two records to verify name resolution itself wasn’t a problem.  

 

I guess it MIGHT be a minutely slower to resolve www if it is a CNAME to the other as opposed to both being A records.   However, since this is a fairly common practice I doubt it is likely to be of major importance in overall timing.

I checked with firebug DNS is in ms and loading the first file was 1.53s and 3.07s in the two cases(the file is 9.7kB), so external access does not depend on fast DNS, you need to focus on the web server.

 

From: bind-users-bounces+jlightner=wate...@lists.isc.org [mailto:bind-users-bounces+jlightner=wate...@lists.isc.org] On Behalf Of Adamiec, Lawrence
Sent: Monday, November 26, 2012 1:13 PM
To: bind-...@lists.isc.org
Subject: Re: Performance tuning

 

To the best of my knowledge, there are no problems with our DNS.  We only host 25 domains.

 

The report must also address these two specific questions:

 

  1. Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in any browser?
  2. What happens if we remove the forwarders option from named.conf?

I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2.

 

Larry

 

 

 

 

Athena®, Created for the Cause

Making a Difference in the Fight Against Breast Cancer

 

 

How and Why I Should Support Bottled Water!
Do not relinquish your right to choose bottled water as a healthy alternative to beverages that contain sugar, calories, etc. Your support of bottled water will make a difference! Your signatures count! Go to http://www.bottledwatermatters.org/luv-bottledwater-iframe/dswaters and sign a petition to support your right to always choose bottled water. Help fight federal and state issues, such as bottle deposits (or taxes) and organizations that want to ban the sale of bottled water. Support community curbside recycling programs. Support bottled water as a healthy way to maintain proper hydration. Our goal is 50,000 signatures. Share this petition with your friends and family today!

 

---------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------

 



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Edward DeLargy

unread,
Nov 26, 2012, 1:32:23 PM11/26/12
to Lightner, Jeff, bind-...@lists.isc.org
Hello,
        This sounds suspiciously like a customer I deal with trying to figure out if they want to upgrade their hardware. The bottom line is with BIND logging your not really going to get all of these specifics. You will need to utilize the regular logging for the OS level on some of this to get to the real issues. The bottom line is that BIND doesn't really effect much of the system and ram depending on your environment and cache.

Regards,
Ed


On Mon, Nov 26, 2012 at 1:23 PM, Lightner, Jeff <JLig...@water.com> wrote:

For question 1:

“Loading” is a function of the web site not DNS.  Your first question could have to do what the default site is in your web configuration and what kind of rewrite rules are getting you to the other.

 

If it were me I’d probably do some timed “host” or “dig” commands for the two records to verify name resolution itself wasn’t a problem.  

 

I guess it MIGHT be a minutely slower to resolve www if it is a CNAME to the other as opposed to both being A records.   However, since this is a fairly common practice I doubt it is likely to be of major importance in overall timing.

 

From: bind-users-bounces+jlightner=wate...@lists.isc.org [mailto:bind-users-bounces+jlightner=wate...@lists.isc.org] On Behalf Of Adamiec, Lawrence

Ben Croswell

unread,
Nov 26, 2012, 1:34:14 PM11/26/12
to Adamiec, Lawrence, bind-...@lists.isc.org


I did digs to both names from my work DNS infrastructure.  The response was 58ms to resolve the WWW entry and 44ms for the non WWW entry. Would not appear to be a resolution related slow down.
-Ben Croswell

Chuck Swiger

unread,
Nov 26, 2012, 1:40:40 PM11/26/12
to Adamiec, Lawrence, bind-...@lists.isc.org
Hi--

On Nov 26, 2012, at 10:12 AM, Adamiec, Lawrence wrote:
> The report must also address these two specific questions:
>
> • Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in any browser?
> • What happens if we remove the forwarders option from named.conf?
> I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2.

Q1 isn't related to DNS performance; both of the names you mention resolve to the same IP address via an A record. There wasn't a significant difference in response time I saw by loading the webpages (both took ~1.3 s per curl), but one likely could improve webserver performance by running Apache, nginx, or almost anything else instead of than Microsoft's IIS.

The domain seems to be missing A records for your nameservers, however:

http://www.dnsvalidation.com/reports/50b3b5167d79ee02b8000026

As for Q2, it depends on whether the nameservers you are pointing to do better in caching queries then your local nameservers would doing recursive lookups for themselves. If the local nameservers have poor connectivity compared to the forwarders, maybe, otherwise it's probably not helpful to use forwarders.

Regards,
--
-Chuck

Leonardo Santagostini

unread,
Nov 26, 2012, 2:25:44 PM11/26/12
to Chuck Swiger, bind-...@lists.isc.org
I see no problems.

[ec2-user@domU-12-31-39-06-2E-64 ~]$ time dig www.kentlaw.iit.edu

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.6.amzn1 <<>> www.kentlaw.iit.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54160
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.kentlaw.iit.edu.           IN      A

;; ANSWER SECTION:
www.kentlaw.iit.edu.    86400   IN      A       64.131.119.9

;; Query time: 847 msec
;; SERVER: 200.51.197.187#53(200.51.197.187)
;; WHEN: Mon Nov 26 19:23:46 2012
;; MSG SIZE  rcvd: 53


real    0m0.854s
user    0m0.000s
sys     0m0.008s
[ec2-user@domU-12-31-39-06-2E-64 ~]$ time dig kentlaw.iit.edu

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.6.amzn1 <<>> kentlaw.iit.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39163
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;kentlaw.iit.edu.               IN      A

;; ANSWER SECTION:
kentlaw.iit.edu.        86400   IN      A       64.131.119.9

;; Query time: 780 msec
;; SERVER: 200.51.197.187#53(200.51.197.187)
;; WHEN: Mon Nov 26 19:24:11 2012
;; MSG SIZE  rcvd: 49


real    0m0.799s
user    0m0.004s
sys     0m0.016s
[ec2-user@domU-12-31-39-06-2E-64 ~]$

Hope that helps.

regards
Saludos.-
Leonardo Santagostini







2012/11/26 Chuck Swiger <csw...@mac.com>

Adamiec, Lawrence

unread,
Nov 26, 2012, 5:15:11 PM11/26/12
to bind-...@lists.isc.org
Thanks to everyone who replied.


Larry

WBr...@e1b.org

unread,
Nov 27, 2012, 9:11:10 AM11/27/12
to Adamiec, Lawrence, bind-users-bounc...@lists.isc.org, bind-...@lists.isc.org
"Adamiec, Lawrence" <lada...@kentlaw.iit.edu> wrote on 11/26/2012
01:12:48 PM:


> To the best of my knowledge, there are no problems with our DNS. We
> only host 25 domains.
>
> The report must also address these two specific questions:
>
> 1. Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in
> any browser?

Are you sure this is a DNS issue? Test it by adding both to /etc/hosts
(or Windows equal). Reboot and flush all caches between tests.

> 2. What happens if we remove the forwarders option from named.conf?

Depends why you have the forwarders.
.
> I can't duplicate the issue in Q1 and I'm trying to determine a way
> of testing Q2.

Oh the joys of intermittent problems. Are you sure the issues reported as
Q1 are real? Have the web site folks been involved in discussions or are
they just blaming DNS without testing anything?

If possible sneak host file entries onto a handful of user machines and
see if they still complain.





Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.

Adamiec, Lawrence

unread,
Nov 27, 2012, 1:01:41 PM11/27/12
to bind-...@lists.isc.org
Hi,

My original post was about writing a report to optimize our DNS servers and the report needed to address two questions.  Based on the answers I received, I will write our servers are already optimized and no further tuning is needed.

Now about the two specific questions for the report.

Q1 --  I don't believe the problem is DNS related.  However, I have not been able to recreate the trouble so I don't know if there is any problem.  As other list members have posted, they didn't have any problems with the pages rendering either.  As far as asking me about the web sites staff, well, I am the technical contact for our web sites.  Our Public Affairs department handles content related issues and I take of all server related things.  I will double check the web server, but it shouldn't be using any rewrites for the main page.  And I don't know who is complaining about the pages.  This question came from my boss.

Q2 --  The forwarders statement was added to our config file about six years ago.  Some users complained they could not reach two or three specific web sites outside our domain.  At that time, one of our network staff members told me his nslookup for the sites were timing out.  I was instructed to insert the forwarder statement with the main campus servers acting as the forwarder.  The time outs stopped and people stopped complaining.  I don't know that adding the forwarder statement actually fixed any trouble but nslookups did not time out, people stopped complaining, and my boss was happy.  (I know dig is better).  Unfortunately, I don't remember which sites people were complaining about.


Larry

Carsten Strotmann

unread,
Nov 28, 2012, 9:54:15 AM11/28/12
to Adamiec, Lawrence, bind-...@lists.isc.org
"Adamiec, Lawrence" <lada...@kentlaw.iit.edu> writes:

Hello Lawrence,

you problems might not be related to the configuration of your DNS
Server software (BIND), but it can be related to your internal name
resolution inside your organisation (forwarders, caches, mixed
caching/authoritative DNS etc).

Do you see the speed difference on the two websites (URLs for the
Websites) from within your organisation, or when using an "outside"
view (from home etc)?

Of course we here in this mailing list can only have the look from
outside, and that looks ok.

Optimizing an internal DNS name resolution infrastructure requires
someone that has knowledge on all possible name lookup path in a
network (DNS, WINS, NetBT ...) and a good DNS knowledge.

I would recommend to get an expert onsite for an DNS audit if you see
the performance problem inside your organizations network. The BIND
configuration is usually not the issue.

Best regards

Carsten Strotmann

0 new messages