Performance Question for Non-Validating server
Guevara, Daniel
Daniel_Guevara at intuit.com
Mon Oct 7 21:42:43 UTC 2019
I want to confirm if this behavior is to be expected…
I have built a custom CentOS RPM (based on previous threads to use 1.9.3) since we just want to use unbound for forwarding and not do any validation. What I found is that the performance is significantly worse than the GA CentOS 7 RPM (1.6.6) with validation enabled.
We are testing resolution of 2000 domains. On the RPM we built the average is roughly 50 domains per second. The config only uses unbound as a forwarder:
server:
username: "unbound"
pidfile: "/var/run/unbound.pid"
verbosity: 2
interface: 127.0.0.1
do-ip6: no
access-control: 127.0.0.0/8 allow
domain-insecure: "."
module-config: "iterator"
prefetch: yes
num-threads: 2
outgoing-range: 8192
num-queries-per-thread: 4096
so-reuseport: yes
msg-cache-slabs: 2
rrset-cache-slabs: 2
infra-cache-slabs: 2
key-cache-slabs: 2
On the GA RPM (using the same config file) but with the following 2 options commented out:
domain-insecure: "."
module-config: "iterator"
The performance is much better. We are able to do roughly 400 domains per second. I tried commenting them out on the 1.9.3 deployment and there was no noticeable performance impact.
My main question is the behavior expected? I was under the impression that non-validating would be faster than a validating server.
As stated before the main reason we are trying the custom build is to use unbound only for forwarding and not do root server look ups.
Thanks,
Daniel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20191007/ec10232e/attachment.htm>
More information about the Unbound-users
mailing list