TWISC@NCTU DNSSEC 力 1.1 TWISC@NCTU 參 李
錄 1.... 1 2. BIND 什... 2 3. BIND... 3 3.1. BIND... 3 3.2. BIND 率... 3 4. 力... 5 4.1. AUTHORITATIVE SERVER 力... 5 4.2. RESOLVER 力... 6 5.... 9 索... 10
錄 1 DNS Software Popularity by The Measurement Factory... 4 2 Authoritative Server Stress Test Result in Average Case... 6 3 Authoritative Server Stress Test Result in Worst Case... 6 4 Resolver Stress Test Result in Average Case... 7 5 Resolver Stress Test Result in Worst Case... 8
1. DNS BIND BIND 什 BIND 歷 狀 讀 BIND 識 列 BIND DNS 率 BIND 度 BIND 行 力 BIND 連串 來 BIND DNSSEC
2. BIND 什 BIND Berkeley Internet Name Domain DNS DARPA (Defense Advanced Research Projects Administration) 來 CSRG (Computer Systems Research Group) BIND CSRGDigital Equipment Corporation ( HP)Vixie Enterprises 4.9.3 BIND ISC (Internet Systems Consortium) 來 1997 年 5 BIND BIND 8 production-ready BIND BIND BIND 9.8.1-P1 BIND 9 ISC Nominum BIND 參 Compaq Computer Corporation Hewlett Packard IBM IPWorks, Inc. Network Associates, Inc. Silicon Graphics, Inc. Stichting NLNet Sun Microsystems, Inc. U.S. Defense Information Systems Agency (DISA) USENIX Association Verisign, Inc. BIND 率 DNS
3. BIND 3.1. BIND DNS BIND 不 利 dig 列 1) Root Servers (.) 了 13 DNS Root Server dig Wikipedia Root Name Server 料 [1] 13 Root Name Server 了 NSD (Name Server Daemon) 10 BIND DNSSEC 2) (.gov).gov 2 Name Server BIND DNSSEC 3) (.se) 10.se Name Server 8 BIND DNSSEC 4) (.tw) 9.tw Name Server 3 BIND DNSSEC 5) (.cz) 5.cz Name Server 4 BIND DNSSEC 3.2. BIND 率 DNS Survey: October 2008 [2] The Measurement
Factory 路 DNS Server 行了 連串 數 參 Dataset I 路 Dataset II.com/.net Authoritative Server Server software Dataset I Dataset II BIND 263,011 42.54% 618,949 58.65% Nominum CNS/ANS 72,560 11.74% 4,612 0.44% vermicelli totd 11,226 1.82% 273 0.03% VeriSign ATLAS 10,093 1.63% 153 0.01% Mikrotik dsl/cable 5,442 0.88% 0 0% ATOS Stargate ADSL 3,578 0.58% 0 0% robtex Viking DNS module 1,823 0.29% 0 0% DJ Bernstein TinyDNS 1,226 0.20% 47,632 4.51% bboy MyDNS 1,219 0.20% 41,927 3.97% JHSOFT simple DNS plus 572 0.09% 13,523 1.28% PowerDNS 618 0.10% 48,275 4.57% Microsoft Windows DNS 2003 530 0.09% 1,082 0.10% Alteon ACEswitch 511 0.08% 0 0% Cisco CNR 484 0.08% 270 0.03% Runtop dsl/cable 479 0.08% 544 0.05% Raiden DNSD 378 0.06% 2 0% Beehive CoDoNS 304 0.05% 5 0% Axis video server 289 0.05% 0 0% sheerdns 230 0.04% 270 0.03% Microsoft Windows DNS 2000 234 0.04% 551 0.05% Microsoft Windows DNS NT4 218 0.04% 825 0.08% Other 244,354 39.52% 277,227 26.27% No match found 122,155 19.76% 131,746 12.48% timeout 120,166 19.43% 131,097 12.42% no result 1,102 0.16% 13,461 21.07%
4. 力 力 利 Server 量 DNSSEC Server 狀 4.1. Authoritative Server 力 Authoritative Server 力 FreeBSD 8.2-RELEASE 64-bit DNSSEC Authoritative Server 1) 錄 DNS 2) 錄 DNSSEC 3) 不 錄 DNS 4) 不 錄 DNSSEC 類 力 量 狀 4.1.1. Average Case Authoritative Server KSK 金 度 2048bit ZSK 金 度 1024bit NSEC3 iteration100 量 狀 錄 DNS ~648M DNSSEC ~504M
不 錄 DNS ~720M DNSSEC ~36M 4.1.2. Worst Case Authoritative Server KSK 金 度 2048bit() ZSK 金 度 2048bit() NSEC3 iteration150 () 量 狀 錄 不 錄 DNS ~648M DNSSEC ~324M DNS ~720M DNSSEC ~36M 4.2. Resolver 力 Resolver 力 Ubuntu 11.10 Server 64-bit DNSSEC Resolver 5) 錄 DNS 6) 錄 DNSSEC 7) 不 錄 DNS 8) 不 錄 DNSSEC
類 力 量 狀 Resolver 力 不 Resolver 4.2.1. Average Case Resolver KSK 金 度 2048bit ZSK 金 度 1024bit NSEC3 iteration100 量 狀 錄 不 錄 DNS ~36M DNSSEC ~36M DNS ~14.4M DNSSEC ~14.4M 4.2.2. Worst Case Resolver KSK 金 度 2048bit() ZSK 金 度 2048bit() NSEC3 iteration150 ()
量 狀 錄 不 錄 DNS ~36M DNSSEC ~36M DNS ~9M DNSSEC ~9M
5. 料 BIND 不 良 良 了 歷 了 易 力 了 BIND DNS DNSSEC BIND
索 [1] Root name server. Wikipedia: http://en.wikipedia.org/wiki/root_name_server [2] DNS Survey: October 2008. The Measurement Factory: http://dns.measurement-factory.com/surveys/200810.html