Bit of an off-topic request.
Does anyone have any stats on recursive DNS appliances (Infoblox
etc) vs BIND on a server?
Has anyone actually seen real life improvements?
From: nznog-bounces@list.waikato.ac.nz
[mailto:nznog-bounces@list.waikato.ac.nz] On Behalf Of Perry Lorier
Sent: Sunday, 13 June 2010 2:22 p.m.
To: NZNOG List
Subject: [nznog] New Zealand DNS Performance
After the discussion a few
weeks back about DNS performance, I asked one of my colleagues, Brendon Jones
to add DNS performance to the gTLD/Root servers to our Active Measurement
Platform (AMP) which is already monitoring the .nz nameservers. These
have now had a while to collect some data and show a fairly interesting (and
IMHO pretty) visualisation of New Zealand's DNS performance.
* http://erg.cs.waikato.ac.nz/amp/matrix.php/latency/NZ/NZ+DNS
For starters, we've in the past measured performance to the .nz ccTLD name servers to track their performance within
New Zealand. This shows a pretty healthy coverage for .nz. Full
marks to all the people who have done the hard work to make this happen.
* http://erg.cs.waikato.ac.nz/amp/matrix.php/hops/NZ/NZ+DNS
This in comparison shows how many hops we see in a traceroute to the .nz ccTLD
servers. All the New Zealand name servers are firewalled in such a way we can't
get an accurate count, but this at least provides a lower bound. You can
see people who don't peer at WIX don't see the near instance of ns7.
* http://erg.cs.waikato.ac.nz/amp/matrix.php/latency/NZ/root+DNS
* http://erg.cs.waikato.ac.nz/amp/matrix.php/hops/NZ/root+DNS
Second up, we added a test to all of our measurement points to the Root
Servers. This shows quite distinctively that there are several
places in New Zealand whose peering policy means that they don't see
some, or in the case of Otago Uni's CS Dept, any, New Zealand based
instances. VUW interestingly doesn't appear to be able to contact any
f.root instance at all. New Zealand seems to be fairly well covered
with F, I, J and even a fairly close K root.
* http://erg.cs.waikato.ac.nz/amp/matrix.php/latency/NZ/gtld+DNS
* http://erg.cs.waikato.ac.nz/amp/matrix.php/hops/NZ/gtld+DNS
This shows the same visualisation to all of the gTLD servers. This shows
a much more unhappy view of New Zealand. Our monitoring points are quite
biased towards universities which generally prefer KAREN, which has poor
coverage (which appears to be due to KAREN's policies) and thus show very poor
numbers. However it doesn't paint a particularly rosy picture for much of the
rest of New Zealand either, with Maxnet and TheLoop also failing to find any
instances anywhere near New Zealand at all.
* http://erg.cs.waikato.ac.nz/amp/matrix.php/latency/NZ/afilias+DNS
* http://erg.cs.waikato.ac.nz/amp/matrix.php/hops/NZ/afilias+DNS
Afilias provide nameserving for several zones including .org/.mobi and so
on. Right this instant TelstraClear doesn't appear to be able to get to b0.org.afilias-nst.org at all, so again many of the universities
show failures, although this time it doesn't appear to be routing issues with
KAREN.
Also, just as we were setting up collecting some test data (but unfortunately
not traceroute data), KAREN coincidentally had a major outage in Hamilton which
impacted the University of Waikato. This let us see what happens when
KAREN's routes aren't available: (See? Unscheduled outages /can/ have an
upside!)
http://erg.cs.waikato.ac.nz/amp/graph.php?src=ampz-waikato&dst=b.root-servers.net&rge=1-day&date=2010-05-25
http://erg.cs.waikato.ac.nz/amp/graph.php?src=ampz-waikato&dst=e.root-servers.net&rge=1-day&date=2010-05-25
http://erg.cs.waikato.ac.nz/amp/graph.php?src=ampz-waikato&dst=j.root-servers.net&rge=1-day&date=2010-05-25
http://erg.cs.waikato.ac.nz/amp/graph.php?src=ampz-waikato&dst=k.root-servers.net&rge=1-day&date=2010-05-25
This shows that if we don't have KAREN routes available, then our performance
to b, e, j and k root *improves*. Sigh. Also our performance to F root
degrades as our commodity internet connection suddenly has to handle the
additional load: http://erg.cs.waikato.ac.nz/amp/graph.php?src=ampz-waikato&dst=f.root-servers.net&rge=1-day&date=2010-05-25
So, all in all, New Zealand's DNS Performance is better than I had seen (my two
measurement points inside Waikato University and Rurallink were two of the
worst to choose from, Rurallink doesn't yet host an AMP node so doesn't appear
here).
Hopefully KAREN will in the future consider hosting/peering directly with at
least a root server and an NZ ccTLD server, so if a university's commodity
connection falls over then you can still resolve (and therefore create new
connections to) other research institutions. KAREN could either start not
accepting "scenic" routes from other R&E networks for other
anycast instances of Root/gTLD/ccTLD servers, or provide access to them via
less amusing routes by increasing their peering.
People who don't peer at WIX miss out on the instances hosted there. If
you're not peering, some of your customers are getting slower results for DNS
lookups than necessary, making web pages take longer to load, and thus your
service appear to be slower. Yet another reason to improve your peering.
Ideas and comments welcomed!