I would like to create a DNS resolver using Bind9 so all my organization's DNS queries go to this resolver (DNS queries for external domains. The resolver should not be authoritative for the organization's domain). I will restrict the incoming requests from the outside.

I tried to search for information about the load that such a resolver can handle:

  1. What is the rate of DNS queries that Bind9 can serve? How many queries per second? Probably, it is also a function of the machine and the bandwidth (assumed to be high), so a response that is a function of the machine settings is good as well.
  2. Are there any other better alternatives?

Thanks!

Gari BN
  • @MichaelHampton Unfortunately no. I know that there is no one simple answer. I tried searching for benchmarking and such things, and hope that somebody who has the same dilemma or operates a resolver can provide some insights about the process. I'm looking for some initial data to launch an analysis on top of it. – Gari BN Sep 29 '20 at 18:46
  • "Probably, it is also a function of the machine and the bandwidth" Most probably yes, so what can you expect as an answer? You are not giving any kind of data yourself, like number of zones, or volume, if you do any DNSSEC, etc. It is not even clear if you are speaking about authoritative or recursive (I guess the first case, but not sure). Also about 2), yes there are so why do you focus your question already? Some were in fact written exactly for the reason of real or perceived slowness, or other defects. See nsd, PowerDNS, Yadifa, KnotDNS among the most well known. – Patrick Mevzek Sep 29 '20 at 21:56
  • "I'm looking for some initial data to launch an analysis on top of it." There is only one sane way to do this: install the software on your box, and test it. That way you control everything (you can try different software, different versions, different box sizes, etc.) AND the numbers you will get, if you are careful in your tests, should reflect your specific use case and hence are immediately actionable. Also, if you are in early stages, why have you decided to handle everything internally? Did you think about using external DNS providers? If not, why? – Patrick Mevzek Sep 29 '20 at 21:58

1 Answer

F-Root is run by ISC and is running BIND 9. You can get the daily traffic stats. See https://root-servers.org/ to get the number of servers (currently 242). The recommended configuration is Dell PowerEdge R340 costing "about $3000 delivered." You should be able to math out the performance metrics you are looking for with this data.

(Yes, I'm joking.)

Mark Wagner