Re: [Dnsmasq-discuss] Speed comparison dnsmasq - unbound?

2014-02-16 Thread /dev/rob0
On Sun, Feb 16, 2014 at 07:38:37AM +0100, Oliver Rath wrote:
> did somebody do some speed comparison tests for the dns caching
> functionality between dnsmasq and unbound (http://unbound.net/)?

Compare apples to apples. You're not doing that.

Dnsmasq is a DNS forwarder. Unbound is a DNS resolver. Unbound 
actually does the work of accepting recursive queries and then 
performing the iterative queries to find the answer.

Dnsmasq simply hands off these queries to a backend resolver, such as 
BIND named or unbound. Accordingly, I'd expect dnsmasq to be faster, 
but noting that the comparison is meaningless.

> I've read that unbound is the fastest dns caching server including
> dnssec support, but I could imagine that dnsmasq has the same
> speed (or better).

I've read a lot of things on the Internet. Some of them might have 
been true. Unqualified claims of speed are usually bogus. Such 
claims are especially difficult to establish in the realm of DNS, 
because your apparent speed is largely dependent upon random third 
parties' servers and the speed of their Internet connections.

Do you have a link to these speed studies? I'd like to see them.

> Unbound is the new standard dns caching server in FreeBSD 10 and
> replaces bind.

IIUC that's only partly true. BIND is a complete DNS implementation, 
whereas unbound is only a caching resolver. Those who are serving 
authoritative DNS to the world also need an authoritative DNS server 
such as BIND named or NLNetLabs' NSD.

Note, best practice usually demands separation of authoritative DNS 
service from recursive service. Unbound/NSD were begun with this
understanding, whereas BIND has roots going back to the very 
beginnings of DNS.

(The fact that named can do it all in one notwithstanding, this is 
not what ISC recommends. But it is a convenience for some small, 
internal-only sites, where that might override security concerns.)

> Just for interest.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
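
Added example (not part of the original thread): one way to check the roles discussed above on servers you operate is to send a query with RD=1 and read the AA and RA bits of the reply header. All function names and the sample replies are constructed for illustration; note that a forwarder and a full resolver both appear as "recursive" from the client side.

```python
import socket
import struct

# Header flag bits from RFC 1035 section 4.1.1.
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qid=0x1234):
    """Build an A/IN query with RD=1, i.e. ask the server to recurse."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_flags(response):
    """Return the role-relevant header bits of a DNS response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    qid, flags = struct.unpack("!HH", response[:4])
    if not flags & QR:
        raise ValueError("not a response")
    return {"id": qid, "aa": bool(flags & AA), "ra": bool(flags & RA), "rcode": flags & 0x000F}

def classify(response):
    f = parse_flags(response)
    if f["aa"] and f["ra"]:
        return "mixed"               # authoritative data served by a box that also recurses
    if f["aa"]:
        return "authoritative-only"  # e.g. NSD, or named with recursion disabled
    if f["ra"]:
        return "recursive"           # resolver, or a forwarder relaying to one
    return "no-recursion"            # typically REFUSED or a referral

def probe(server, name, timeout=2.0):
    """Send the query over UDP to a server you operate and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recv(512))

def fake_response(flags, rcode=0):
    """Constructed sample: echo the question with the given header flags."""
    q = build_query("example.com")
    return q[:2] + struct.pack("!H", QR | flags | rcode) + q[4:]

SAMPLES = {
    "authoritative-only": fake_response(AA | RD),
    "mixed": fake_response(AA | RD | RA),
    "recursive": fake_response(RD | RA),
    "no-recursion": fake_response(RD, rcode=5),
}
```

A "mixed" result for a zone the server is authoritative for is the all-in-one setup the message above describes as acceptable only for small, internal-only sites.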


Re: [Dnsmasq-discuss] Speed comparison dnsmasq - unbound?

2014-02-16 Thread Oliver Rath
Hi Rob,

thank you for the extensive clarification of the disparity between
dnsmasq and unbound. It wasn't clear to me that there are such big differences.

Tfh!
Oliver

On 16.02.2014 15:06, /dev/rob0 wrote:
> [..]




Re: [Dnsmasq-discuss] Speed comparison dnsmasq - unbound?

2014-02-16 Thread Dave Taht
On Sun, Feb 16, 2014 at 9:06 AM, /dev/rob0 r...@gmx.co.uk wrote:
> On Sun, Feb 16, 2014 at 07:38:37AM +0100, Oliver Rath wrote:
>> did somebody do some speed comparison tests for the dns caching
>> functionality between dnsmasq and unbound (http://unbound.net/)?
>
> Compare apples to apples. You're not doing that.
>
> Dnsmasq is a DNS forwarder. Unbound is a DNS resolver. Unbound
> actually does the work of accepting recursive queries and then
> performing the iterative queries to find the answer.

To be mildly more clear, DNSmasq is a caching forwarder
(although I just discovered caching is turned off in Ubuntu's implementation).

While not a recursing resolver, it can be configured as a primary dns server
for a small set of (sub)domains easily.

The fact that it caches, however, is very important.

> Dnsmasq simply hands off these queries to a backend resolver, such as
> BIND named or unbound. Accordingly, I'd expect dnsmasq to be faster,
> but noting that the comparison is meaningless.
>
>> I've read that unbound is the fastest dns caching server including
>> dnssec support, but I could imagine that dnsmasq has the same
>> speed (or better).
>
> I've read a lot of things on the Internet. Some of them might have
> been true. Unqualified claims of speed are usually bogus. Such
> claims are especially difficult to establish in the realm of DNS,
> because your apparent speed is largely dependent upon random third
> parties' servers and the speed of their Internet connections.
>
> Do you have a link to these speed studies? I'd like to see them.
>
>> Unbound is the new standard dns caching server in FreeBSD 10 and
>> replaces bind.
>
> IIUC that's only partly true. BIND is a complete DNS implementation,
> whereas unbound is only a caching resolver. Those who are serving
> authoritative DNS to the world also need an authoritative DNS server
> such as BIND named or NLNetLabs' NSD.
>
> Note, best practice usually demands separation of authoritative DNS
> service from recursive service. Unbound/NSD were begun with this
> understanding, whereas BIND has roots going back to the very
> beginnings of DNS.
>
> (The fact that named can do it all in one notwithstanding, this is
> not what ISC recommends. But it is a convenience for some small,
> internal-only sites, where that might override security concerns.)
>
>> Just for interest.



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
