Quick & Dirty Hammering of PowerDNS
Originally published July 24th, 2012
PowerDNS is a cool DNS server I’ve been looking at for a while now.
It's known mainly for having a very good security history, being fast and efficient, and being easy to configure & extend. My take: it is to BIND as Nginx is to Apache, a newer generation of simpler, more efficient software.
My initial scoping out vs. bind9:
| | BIND9 | PDNS |
|---|---|---|
| Geo | Patch or Shell Scripts: http://phix.me/geodns/ and http://code.google.com/p/bind-geoip/ | Yes, module: http://doc.powerdns.com/geo.html |
| CentOS repos | Yep | Yep |
| Ubuntu repos | Yep | Yep |
| Personnel Experience | Some | Less |
| Config Complexity | More Complex | Less Complex |
| Chrootable | Yes | Yes |
| DB Backends | Yes. Requires recompile afaik: http://mysql-bind.sourceforge.net/ | Yes, module: http://doc.powerdns.com/configuring-db-connection.html |
| Management Console | Text or SQL client | Text or SQL client |
| Management GUI | Webmin | Yes. Simplest, poweradmin in repos |
| Extensibility | Could not find; may have? | Easy: http://doc.powerdns.com/pipebackend-dynamic-resolution.html and http://wiki.powerdns.com/trac/browser/trunk/pdns/modules/pipebackend/backend.pl |
| Notable users | Many | Wikipedia, Deutsche Telekom, Verizon (Europe), Yahoo |
| Usage & Support | Very Good. Mailing list archive June 2012: 224 messages. https://lists.isc.org/pipermail/bind-users/2012-July/date.html | Pretty Good. Mailing list archive June 2012: 57 messages. http://mailman.powerdns.com/pipermail/pdns-users/2012-July/date.html#start |
| Security history | Bad. http://www.kb.cert.org/vuls/byid?searchview | Very good. Cache poisoning advisory in 2008 which was fixed in 2006. DOS in Jan 2012 (notified & fixed same time by creators). Only mention on CERT is as "not affected" |
| Mentions on HN | http://www.hnsearch.com/search#request/all&q=bind+dns&start=0 | http://www.hnsearch.com/search#request/all&q=powerdns&start=0 |
OK so it’s probably biased because PDNS is the New Thing.
Still, seems like a goer.
Wanted to do some quick and dirty benchmarking of it.
Wrote a quick script to ask it for random hosts, for which it is authoritative, nonstop over a minute:
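```bash
#!/bin/bash
# Fire dig queries for random hostnames at the server for $mins minutes.
echo "Digging for 1 minute"
sleep 1
mins=1
ts_cur=$(date +%s)
ts_fin=$((ts_cur + mins * 60))   # end time as a Unix timestamp
#echo $ts_fin
count=0
while [ "$ts_fin" -gt "$ts_cur" ]; do
    ts_cur=$(date +%s)
    count=$((count + 1))
    # $RANDOM picks a random hostname under the zone being tested
    dig "${RANDOM}.mydomain.com" @my_pdns_server
done
echo "$count digs done"
exit 0
```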
Couldn’t get measurable load running on 5 hosts
(4 of which were on the same network as the pdns server).
So ran 4 backgrounded instances of it at once on each.
Server was a VM:
CentOS 6.2 on dual Xeon E5640 with 32 GB RAM (though RAM hardly came into it).
PDNS install was vanilla: no config/caching changes, MySQL backend.
Got load to about 1/16 with an estimated 4000 rps.
So perhaps 100% load at around 64k rps. Pretty damn good.
As mentioned though, pretty unsophisticated benchmark and config.
Some things I’d like to try with more time:
- Actually populate the A records with heaps of random hostnames, some of which would match requests
- Measure response/fails
- Tweak the host requests to max
- Tweak config of pdns
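For the "Measure response/fails" item above, an added example (not from the original post) that classifies each dig reply by its RCODE and reports answered versus failed queries and queries per second. The function names are made up for this example, and mydomain.com / my_pdns_server are the post's own placeholders.

```shell
#!/bin/bash
# Added example, not from the original post: count outcomes per query
# instead of only counting how many digs were started.

# Read dig output on stdin and print its RCODE (NOERROR, NXDOMAIN, SERVFAIL...).
# No header line means no reply arrived, reported here as TIMEOUT.
rcode_of() {
  sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1 | grep . \
    || echo TIMEOUT
}

# Read one status per line on stdin; $1 is the elapsed time in seconds.
# Prints: total=<n> answered=<n> failed=<n> qps=<n>, then a count per status.
# NXDOMAIN counts as answered: the server replied, the name just has no record.
summarise() {
  awk -v secs="$1" '
    { total++; seen[$1]++ }
    $1 == "NOERROR" || $1 == "NXDOMAIN" { answered++ }
    END {
      printf "total=%d answered=%d failed=%d qps=%d\n",
             total, answered, total - answered, (secs > 0 ? total / secs : 0)
      for (s in seen) printf "  %s=%d\n", s, seen[s]
    }'
}

# Query random names under DOMAIN at SERVER for SECS seconds.
# +tries=1 +time=1 stops an unresponsive server from stalling the loop
# for dig's default of 3 tries x 5 seconds per name.
run_bench() {
  domain=$1; server=$2; secs=$3
  start=$(date +%s); end=$((start + secs))
  while [ "$(date +%s)" -lt "$end" ]; do
    dig +noall +comments +tries=1 +time=1 "${RANDOM}.${domain}" "@${server}" | rcode_of
  done | summarise "$secs"
}

# Usage against your own authoritative server (placeholders from the post):
#   run_bench mydomain.com my_pdns_server 60
```

The NOERROR to NXDOMAIN ratio in the per-status counts shows how many of the random names actually matched a record, which matters once the zone is populated as the first item suggests.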
For the time being I'm going with it; looks like a winner to me.
Comments
Stefan Schmidt February 1, 2013 at 7:29 AM
Let me suggest Nominum's dnsperf for Performance Testing. http://www.nominum.com/support/measurement-tools/
However it must be said that results greatly depend on configuration and working set. I.e. if the cache is warmed up or not.