To test recursive DNS performance, three components are required.
- Client running DNSBlast
- DNS server
- Fake DNS responder
Here are a couple of ideas for creating a fake DNS responder
The fake DNS responder should be added as a forwarder on the DNS server being tested with a "forward-only" configuration. Below is a depiction of the setup.
+---------------+                           +---------------+
|               |                           |               |
|    Client     +-------------------------->+    Device     +
|  (DNSBlast)   +<--------------------------+  under Test   |
|               |                           | (DNS Server)  |
+---------------+                           +-----+---+-----+
                                                  |   ^
                                                  |   |
                                                  |   |
                                                  v   |
                                            +-----+---+------+
                                            |    Fake DNS    |
                                            |   Responder    |
                                            |                |
                                            +----------------+
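A minimal fake responder for the setup depicted above, using only the Go standard library. This is an added example, not part of DNSBlast; the listen address, the fixed answer 192.0.2.1 and the 300-second TTL are assumptions, with the TTL kept non-zero so the server under test can cache the answers.

```go
package main

import (
	"encoding/binary"
	"errors"
	"log"
	"net"
)

// buildResponse answers a one-question query with a fixed A record (ttl > 0 keeps it cacheable).
func buildResponse(q []byte, ip [4]byte, ttl uint32) ([]byte, error) {
	if len(q) < 12 || binary.BigEndian.Uint16(q[4:6]) != 1 {
		return nil, errors.New("need a header and exactly one question")
	}
	end := 12 // walk the QNAME labels
	for end < len(q) && q[end] != 0 {
		if q[end] > 63 {
			return nil, errors.New("compressed or invalid label")
		}
		end += 1 + int(q[end])
	}
	end += 5 // root label, QTYPE, QCLASS
	if end > len(q) {
		return nil, errors.New("truncated question")
	}
	resp := append([]byte(nil), q[:end]...)      // header + question; any OPT record is dropped
	resp[2], resp[3] = 0x80|(q[2]&0x79), 0x80    // QR, same opcode and RD; RA set, RCODE 0
	copy(resp[6:12], make([]byte, 6))            // zero the AN/NS/AR counts
	if binary.BigEndian.Uint32(q[end-4:end]) != 0x00010001 {
		return resp, nil // not an IN A question: empty NOERROR answer
	}
	resp[7] = 1                                  // ANCOUNT = 1
	resp = append(resp, 0xc0, 0x0c, 0, 1, 0, 1)  // pointer to QNAME, TYPE A, CLASS IN
	resp = append(resp, byte(ttl>>24), byte(ttl>>16), byte(ttl>>8), byte(ttl))
	return append(resp, 0, 4, ip[0], ip[1], ip[2], ip[3]), nil
}

func main() {
	// Assumed listen address; use the responder's address on the isolated test network.
	conn, err := net.ListenPacket("udp", "127.0.0.1:5353")
	if err != nil {
		log.Fatal(err)
	}
	buf := make([]byte, 4096)
	for n, addr, err := conn.ReadFrom(buf); err == nil; n, addr, err = conn.ReadFrom(buf) {
		if resp, err := buildResponse(buf[:n], [4]byte{192, 0, 2, 1}, 300); err == nil {
			conn.WriteTo(resp, addr)
		}
	}
}
```

Malformed or multi-question packets are silently dropped, so stray traffic on the test network does not skew the measurement.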
The other thing to consider in a recursive test is the cache hit ratio. Cache hit ratio refers to the ratio of queries being answered from cache to the queries being answered via recursive lookup.
Note: 0% CHR would give the worst performance, and 100% CHR would give the best. The real-world scenario is usually 95% - 97%.
Only 0% CHR and 100% CHR are currently implemented in DNSBlast. 0% CHR is the default. To use 100% CHR use the "-c" flag with a value of 100.
Note: When using 100% CHR, the recursive cache is first filled with domain names via queries. These domain names are then queried to test the performance. The obvious caveat here is that if the server forwards to another server which gives 0 TTL responses, these entries would not get into the cache and you would not get optimum performance.
Below is a sample.
$ ./dnsblast -s 192.168.130.9 -c 100 -l 10 -r 50000 -q 100
Putting entries in cache; hoping no 0 ttl responses
25000 / 25000 [-------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 1100 p/s
EXECUTING TEST
+-----------------------------------------------------------+
2020/03/17 22:54:11 QPS/Thread: 6300 Latency: 7.524151ms
2020/03/17 22:54:12 QPS/Thread: 6300 Latency: 15.376776ms
2020/03/17 22:54:13 QPS/Thread: 18400 Latency: 8.008384ms
2020/03/17 22:54:14 QPS/Thread: 12000 Latency: 16.650758ms
2020/03/17 22:54:15 QPS/Thread: 12000 Latency: 20.435642ms
2020/03/17 22:54:16 QPS/Thread: 5900 Latency: 50.670314ms
2020/03/17 22:54:17 QPS/Thread: 17900 Latency: 19.744376ms
2020/03/17 22:54:18 QPS/Thread: 5800 Latency: 69.115784ms
2020/03/17 22:54:19 QPS/Thread: 17500 Latency: 25.57571ms
2020/03/17 22:54:20 QPS/Thread: 11400 Latency: 44.270671ms
2020/03/17 22:54:21 QPS/Thread: 16800 Latency: 33.015866ms
2020/03/17 22:54:22 QPS/Thread: 11200 Latency: 54.059175ms
2020/03/17 22:54:23 QPS/Thread: 10900 Latency: 60.447635ms
+-----------------------------------------------------------+
REPORT
+---------------------+------------------------+
| Target Server       | udp://192.168.130.9:53 |
| Test                | Cached Responses       |
| Send Rate           | 50000 Queries/Sec      |
| Threads             | 2                      |
| Duration of test    | 10 Sec                 |
| Protocol            | UDP                    |
| Average Queries/Sec | 19900                  |
| Average Latency     | 28.780419ms            |
+---------------------+------------------------+
Note: Using "-c 100" along with an input file is not properly implemented yet. If using an input file, don't use the "-c" flag. Around 99% of the responses would be from cache in this case (this could vary depending on the input file size and test duration).