Re: [Pdns-users] Meltdown impact on PowerDNS/dnsdist

[Michael Ströder]

bert hubert wrote:
> We have done some very tentative measurements on the Linux Meltdown
> workaround & impact on DNS performance.

Besides the performance impact of the "fixes" doesn't this mean that
people should stop doing DNSSEC signing on-the-fly on the authorative
server and move DNSSEC signing to isolated systems?

Ciao, Michael.



smime.p7s
Description: S/MIME Cryptographic Signature
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

[Pdns-users] Meltdown impact on PowerDNS/dnsdist

[bert hubert]

Hi everybody,

We have done some very tentative measurements on the Linux Meltdown
workaround & impact on DNS performance.

Based on very early measurements we see around a 10% impact in queries per
second for a UDP heavy workload. 

In addition, one largescale user of PowerDNS Authoritative Server on
PostgreSQL suspects the performance problems they see coincided with the
rollout of Meltdown workarounds, but we're still investigating.

Finally, we did a writeup what Meltdown and specifically Spectre actually
are, which you can find on https://ds9a.nl/articles/posts/spectre-meltdown/

We will keep you posted as we learn more!

Bert
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users