Bind9 DNS rate limit or QPS optimization

Asif ali Ali

9/17/23, 6:28 AM

Hello everyone hope you all fine, I am working on DNS bind on centOS 7, need to optimize, in our environment currently 30000 to 40000 qps checked by dnstop command, at peak hours DNS start dropped some queries, kindly advise how to optimize my DNS to perform maximum QPS by utilizing VM resources to avoid from dropping queries in peak hours, DNS virtual machine resources 32G RAM 16CPU's, we have to optimize our DNS to perform 60000 to 80000 Queries per second kindly guide...

Here is my DNS bind configuration..

options {

    listen-on port 53 { 127.0.0.1;  x.x.x.x; };
    listen-on-v6 port 53 { any; };

    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursion yes;
    allow-query { clients; };

    allow-recursion { clients; };

    allow-query-cache { clients; };

    allow-transfer { "slaves"; };

    tcp-clients 2000;
    additional-from-cache no;
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside auto;
    auth-nxdomain no;
    max-cache-size 10000m;
    max-ncache-ttl 86400;
    max-cache-ttl 259200;
    recursive-clients 80000;
    check-names master ignore;
    check-names slave ignore;
    check-names response ignore;

0 + 0

domain-name-system

bind

rate-limiting

Rob

9/17/23, 7:19 AM

My first impression is that 40.000 queries per second is quite a lot and with such a load ISC Bind may not necessarily be the first limiting factor or primary bottleneck . Other OS and/or network limitation may have been reached. Are you monitoring those already? Is your server an authoritative or recursive name server or both? If is both - split those roles. If it is authoritative: consider increasing default TTL's (that has several performance benefits). Of interest: https://kb.isc.org/docs/bind-best-practices-authoritative

Rob

9/17/23, 7:28 AM

`max-cache-size 10000m;` seems a bit low for a system with 32 GB of RAM memory https://bind9.readthedocs.io/en/v9_16_4/reference.html#server-resource-limits

Patrick Mevzek

9/17/23, 7:29 AM

Separate recursive and authoritative functions. Then you can optimize each part separately. Recursive should be pretty easy to scale by adding more servers.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Bind9 DNS rate limit or QPS optimization

TH: การจำกัดอัตรา DNS ของ Bind9 หรือการเพิ่มประสิทธิภาพ QPS

RO: Limită de rată DNS Bind9 sau optimizare QPS

RU: Ограничение скорости Bind9 DNS или оптимизация QPS

VI: Giới hạn tốc độ Bind9 DNS hoặc tối ưu hóa QPS

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.