Difference between revisions of "Dnspref"

From OnnoWiki
Jump to navigation Jump to search
 
(6 intermediate revisions by the same user not shown)
Line 22: Line 22:
 
==Membuat input file query==
 
==Membuat input file query==
  
A dnsperf input file should contain a large and realistic set of queries, on the order of ten thousand to a million. The input file contains one line per query, consisting of a domain name and an RR type name separated by a space. The class of the query is implicitly IN.
+
Sebuah file input dnsperf harus berisi satu set query yang besar dan realistik, dalam jumlah sepuluh ribu sampai jutaan. File input berisi satu baris per query, yang terdiri dari nama domain dan nama tipe RR dipisahkan oleh spasi. Kelas query secara implisit IN.
  
When measuring the performance serving non-terminal zones such as the root zone or TLDs, note that such servers spend most of their time providing referral responses, not authoritative answers. Therefore, a realistic input file might consist mostly of queries for type A for names *below*, not at, the delegations present in the zone. For example, when testing the performance of a server configured to be authoritative for the top-level domain "fi.", which contains delegations for domains like "helsinki.fi" and "turku.fi", the input file could contain lines like
+
Ketika mengukur kinerja melayani zona non-terminal seperti zona root atau TLD, diketahui bahwa server tersebut menghabiskan sebagian besar waktu mereka memberikan tanggapan rujukan, jawaban non authoritive. Oleh karena itu, file masukan yang realistis mungkin kebanyakan terdiri dari permintaan untuk tipe A untuk nama *tertentu*, tidak pada, kehadiran delegasi dalam zona. Misalnya, ketika menguji kinerja server dikonfigurasi untuk menjadi otoritatif untuk top-level domain "fi.", Yang berisi delegasi untuk domain seperti "helsinki.fi" dan "turku.fi", masukan file yang bisa berisi baris seperti
  
    www.turku.fi A
+
www.turku.fi A
    www.helsinki.fi A
+
www.helsinki.fi A
  
where the "www" prefix ensures that the server will respond with a referral. Ideally, a realistic proportion of queries for nonexistent domains should be mixed in with those for existing ones, and the lines of the input file should be in a random order.
+
di mana "www" awalan memastikan bahwa server akan merespon dengan rujukan. Idealnya, proporsi realistis query untuk domain tidak ada harus dicampur dengan yang sudah ada, dan baris dari file input harus acak.
  
Constructing a dynamic update input file
+
==Membangun Input File yang Update Secara Dinamik==
  
To test dynamic update performance, dnsperf is run with the -u option, and the input file is constructed of blocks of lines describing dynamic update messages. The first line in a block contains the zone name:
+
Untuk men-test dynamic update performance, dnsperf dijalankan dengan opsi -u, dan file input di bangun dari blok kalimat yang menjelaskan dynamic update message. Kalimat pertama di blok berisi nama zone, misalnya:
  
 
  example.com
 
  example.com
  
Subsequent lines contain prerequisites, if there are any. Prerequisites can specify that a name may or may not exist, an rrset may or may not exist, or an rrset exists and its rdata matches all specified rdata for that name and type. The keywords "require" and "prohibit" are followed by the appropriate information. All relative names are considered to be relative to the zone name. The following lines show the 5 types of prerequisites.
+
Kalimat selanjutnya berisi persyaratan, jika ada. Persyaratan dapat diberikan pada sebuah nama yang mungkin ada atau tidak ada, sebuah rrset mungkin ada atau tidak ada, atau jika ada rrset dan rdata-nya match ke semua rdata yang di spesifikasikan untuk name dan type. Keyword "require" dan "prohibit" di ikuti oleh informasi yang sesuai. Semua name relatif terhadap zone name. Kalimat berikut memperlihatkan 5 type persyaratan
  
 
  require a
 
  require a
Line 45: Line 45:
 
  prohibit x A
 
  prohibit x A
  
Subsequent lines contain records to be added, records to be deleted, rrsets to be deleted, or names to be deleted. The keywords "add" or "delete" are followed by the appropriate information. All relative names are considered to be relative to the zone name. The following lines show the 4 types of updates.
+
 
 +
Kalimat selanjutnya berisi record yang perlu di tambahkan, record yang perlu di delete, rrset yang perlu di delete, atau nama yang perlu di delete. Keyword "add" atau "delete" di ikuti dengan informasi yang benar. Semua nama relatif terhadap zone name. Kalimat berikut memperlihatkan 4 type dari update.
  
 
  add x 3600 A 10.1.2.3
 
  add x 3600 A 10.1.2.3
Line 52: Line 53:
 
  delete w
 
  delete w
  
Each update message is terminated by a line containing the command:
+
Setiap update message di akhiri dengan sebuah kalimat berisi perintah:
  
 
  send
 
  send
  
Running the tests
+
==Running the tests==
  
When running dnsperf, a data file (the -d option) and server (the -s option) will normally be specified. The output of dnsperf is mostly self-explanatory. Pay attention to the number of dropped packets reported - when running the test over a local Ethernet connection, it should be zero. If one or more packets has been dropped, there may be a problem with the network connection. In that case, the results should be considered suspect and the test repeated.
+
Saat menjalankan dnsperf, file data (pilihan -d) dan server (option -s) biasanya akan ditentukan. Output dari dnsperf sebagian besar cukup jelas. Perhatikan jumlah paket yang di drop - ketika menjalankan tes melalui koneksi Ethernet lokal, itu harus nol. Jika satu atau lebih paket telah drop, mungkin ada masalah dengan koneksi jaringan. Dalam hal ini, hasil harus dicurigai dan lakukan tes ulang.
 
 
Options
 
 
 
-a local_addr
 
  
 +
Options
 +
 +
-a local_addr
 
     Specifies the local address from which to send requests. The default is the wildcard address.  
 
     Specifies the local address from which to send requests. The default is the wildcard address.  
-b bufsize
+
-b bufsize
     Sets the size of the socket's send and receive buffers, in kilobytes. If not specified, the operating system's default is used.  
+
     Sets the size of the socket's send and receive buffers, in kilobytes.
-c clients
+
    If not specified, the operating system's default is used.  
 +
-c clients
 
     Act as multiple clients. Requests are sent from multiple sockets. The default is to act as 1 client.  
 
     Act as multiple clients. Requests are sent from multiple sockets. The default is to act as 1 client.  
-d datafile
+
-d datafile
 
     Specifies the input data file. If not specified, dnsperf will read from standard input.  
 
     Specifies the input data file. If not specified, dnsperf will read from standard input.  
-D
+
-D
 
     Sets the DO (DNSSEC OK) bit [RFC3225] in all packets sent. This also enables EDNS0, which is required for DNSSEC.  
 
     Sets the DO (DNSSEC OK) bit [RFC3225] in all packets sent. This also enables EDNS0, which is required for DNSSEC.  
-e
+
-e
 
     Enables EDNS0 [RFC2671], by adding an OPT record to all packets sent.  
 
     Enables EDNS0 [RFC2671], by adding an OPT record to all packets sent.  
-f family
+
-f family
     Specifies the address family used for sending DNS packets. The possible values are "inet", "inet6", or "any". If "any" (the default value) is specified, dnsperf will use whichever address family is appropriate for the server it is sending packets to.  
+
     Specifies the address family used for sending DNS packets. The possible values are "inet", "inet6", or "any".
-h
+
    If "any" (the default value) is specified, dnsperf will use whichever address family is
 +
    appropriate for the server it is sending packets to.  
 +
-h
 
     Print a usage statement and exit.  
 
     Print a usage statement and exit.  
-l limit
+
-l limit
     Specifies a time limit for the run, in seconds. This may cause the input to be read multiple times, or only some of the input to be read. The default behavior is to read the input once, and have no specific time limit.  
+
     Specifies a time limit for the run, in seconds. This may cause the input to be read multiple times,
-n runs_through_file
+
    or only some of the input to be read. The default behavior is to read the input once, and have no specific time limit.  
     Run through the input file at most this many times. If no time limit is set, the file will be read exactly this number of times; if a time limit is set, the file may be read fewer times.  
+
-n runs_through_file
-p port
+
     Run through the input file at most this many times. If no time limit is set, the file will be read
 +
    exactly this number of times; if a time limit is set, the file may be read fewer times.  
 +
-p port
 
     Sets the port on which the DNS packets are sent. If not specified, the standard DNS port (53) is used.  
 
     Sets the port on which the DNS packets are sent. If not specified, the standard DNS port (53) is used.  
-q num_queries
+
-q num_queries
     Sets the maximum number of outstanding requests. When this value is reached, dnsperf will not send any more requests until either responses are received or requests time out. The default value is 100.  
+
     Sets the maximum number of outstanding requests. When this value is reached, dnsperf will not send any
-Q max_qps
+
    more requests until either responses are received or requests time out. The default value is 100.  
 +
-Q max_qps
 
     Limits the number of requests per second. There is no default limit.  
 
     Limits the number of requests per second. There is no default limit.  
-s server_addr
+
-s server_addr
 
     Specifies the name or address of the server to which requests will be sent. The default is the loopback address, 127.0.0.1.  
 
     Specifies the name or address of the server to which requests will be sent. The default is the loopback address, 127.0.0.1.  
-S stats_interval
+
-S stats_interval
 
     If this parameter is specified, a count of the number of queries per second during the interval will be printed out every stats_interval seconds.  
 
     If this parameter is specified, a count of the number of queries per second during the interval will be printed out every stats_interval seconds.  
-t timeout
+
-t timeout
     Specifies the request timeout value, in seconds. dnsperf will no longer wait for a response to a particular request after this many seconds have elapsed. The default is 5 seconds.  
+
     Specifies the request timeout value, in seconds. dnsperf will no longer wait for a response to a particular
-u
+
    request after this many seconds have elapsed. The default is 5 seconds.  
     Instructs dnsperf to send DNS dynamic update messages, rather than queries. The format of the input file is different in this case; see the "Constructing a dynamic update input file" section for more details.  
+
-u
-v
+
     Instructs dnsperf to send DNS dynamic update messages, rather than queries.
     Enables verbose mode. The DNS RCODE of each response will be reported to standard output when the response is received, as will the latency. If a query times out, it will be reported with the special string "T" instead of a normal DNS RCODE. If a query is interrupted, it will be reported with the special string "I".  
+
    The format of the input file is different in this case; see the "Constructing a dynamic update input file" section for more details.  
-x local_port
+
-v
 +
     Enables verbose mode. The DNS RCODE of each response will be reported to standard output
 +
    when the response is received, as will the latency. If a query times out, it will be reported
 +
    with the special string "T" instead of a normal DNS RCODE. If a query is interrupted, it will be reported with the special string "I".  
 +
-x local_port
 
     Specifies the local port from which to send requests. The default is the wildcard port (0).
 
     Specifies the local port from which to send requests. The default is the wildcard port (0).
  
     If acting as multiple clients and the wildcard port is used, each client will use a different random port. If a port is specified, the clients will use a range of ports starting with the specified one.  
+
     If acting as multiple clients and the wildcard port is used, each client will use a different random port.
-y [alg:]name:secret
+
    If a port is specified, the clients will use a range of ports starting with the specified one.  
     Add a TSIG record [RFC2845] to all packets sent, using the specified TSIG key algorithm, name and secret, where the algorithm defaults to hmac-md5 and the secret is expressed as a base-64 encoded string.
+
-y [alg:]name:secret
 
+
     Add a TSIG record [RFC2845] to all packets sent, using the specified TSIG key algorithm,
Author
+
    name and secret, where the algorithm defaults to hmac-md5 and the secret is expressed as a base-64 encoded string.
 
 
Nominum, Inc.
 
  
 
==Lebih Lanjut==
 
==Lebih Lanjut==

Latest revision as of 05:16, 16 August 2015

dnsperf - test performance dari sebuah DNS server

Perintah

dnsperf [-a local_addr] [-b bufsize] [-c clients] [-d datafile] [-D] [-e]
[-f family] [-h] [-l limit] [-n runs_through_file] [-p port] [-q num_queries]
[-Q max_qps] [-s server_addr] [-S stats_interval] [-t timeout] [-u] [-v]
[-x local_port] [-y [alg:]name:secret]

Keterangan

dnsperf adalah alat pengujian kinerja server DNS. Hal ini terutama ditujukan untuk mengukur kinerja server DNS authoritif, tetapi juga dapat digunakan untuk mengukur kinerja server caching di lingkungan laboratorium tertutup. Untuk menguji server caching yang tersambung ke Internet, lebih baik menggunakan respref.

Disarankan dnsperf dan DNS server yang diuji dijalankan pada mesin yang terpisah, sehingga penggunaan CPU dari dnsperf sendiri tidak memperlambat server nama. Dua mesin harus terhubung dengan jaringan yang cepat, sebaiknya segmen khusus Gigabit Ethernet. Pengujian melalui router atau firewall tidak dianjurkan.

Mengkonfigurasi DNS Server untuk testing

Jika menggunakan dnsperf untuk menguji server authoritif, name server yang diuji harus dibentuk untuk melayani satu atau lebih zona serupa dalam ukuran dan jumlah pada apa server diharapkan untuk melayani dalam produksi.

Juga, pastikan untuk mematikan rekursi dalam konfigurasi server (di BIND 8/9, dengan "recursion no;" dalam options block). Dalam BIND 8, anda juga harus menentukan "fetch-glue no;"; jika server mungkin mencoba untuk mengambil informasi glue dari internet selama pengujian, ini memperlambat oleh faktor tak terduga.

Membuat input file query

Sebuah file input dnsperf harus berisi satu set query yang besar dan realistik, dalam jumlah sepuluh ribu sampai jutaan. File input berisi satu baris per query, yang terdiri dari nama domain dan nama tipe RR dipisahkan oleh spasi. Kelas query secara implisit IN.

Ketika mengukur kinerja melayani zona non-terminal seperti zona root atau TLD, diketahui bahwa server tersebut menghabiskan sebagian besar waktu mereka memberikan tanggapan rujukan, jawaban non authoritive. Oleh karena itu, file masukan yang realistis mungkin kebanyakan terdiri dari permintaan untuk tipe A untuk nama *tertentu*, tidak pada, kehadiran delegasi dalam zona. Misalnya, ketika menguji kinerja server dikonfigurasi untuk menjadi otoritatif untuk top-level domain "fi.", Yang berisi delegasi untuk domain seperti "helsinki.fi" dan "turku.fi", masukan file yang bisa berisi baris seperti 

www.turku.fi A
www.helsinki.fi A

di mana "www" awalan memastikan bahwa server akan merespon dengan rujukan. Idealnya, proporsi realistis query untuk domain tidak ada harus dicampur dengan yang sudah ada, dan baris dari file input harus acak.

Membangun Input File yang Update Secara Dinamik

Untuk men-test dynamic update performance, dnsperf dijalankan dengan opsi -u, dan file input di bangun dari blok kalimat yang menjelaskan dynamic update message. Kalimat pertama di blok berisi nama zone, misalnya: 

example.com

Kalimat selanjutnya berisi persyaratan, jika ada. Persyaratan dapat diberikan pada sebuah nama yang mungkin ada atau tidak ada, sebuah rrset mungkin ada atau tidak ada, atau jika ada rrset dan rdata-nya match ke semua rdata yang di spesifikasikan untuk name dan type. Keyword "require" dan "prohibit" di ikuti oleh informasi yang sesuai. Semua name relatif terhadap zone name. Kalimat berikut memperlihatkan 5 type persyaratan 

require a
require a A
require a A 1.2.3.4
prohibit x
prohibit x A


Kalimat selanjutnya berisi record yang perlu di tambahkan, record yang perlu di delete, rrset yang perlu di delete, atau nama yang perlu di delete. Keyword "add" atau "delete" di ikuti dengan informasi yang benar. Semua nama relatif terhadap zone name. Kalimat berikut memperlihatkan 4 type dari update. 

add x 3600 A 10.1.2.3
delete y A 10.1.2.3
delete z A
delete w

Setiap update message di akhiri dengan sebuah kalimat berisi perintah: 

send

Running the tests

Saat menjalankan dnsperf, file data (pilihan -d) dan server (option -s) biasanya akan ditentukan. Output dari dnsperf sebagian besar cukup jelas. Perhatikan jumlah paket yang di drop - ketika menjalankan tes melalui koneksi Ethernet lokal, itu harus nol. Jika satu atau lebih paket telah drop, mungkin ada masalah dengan koneksi jaringan. Dalam hal ini, hasil harus dicurigai dan lakukan tes ulang. 

Options

-a local_addr
   Specifies the local address from which to send requests. The default is the wildcard address. 
-b bufsize
   Sets the size of the socket's send and receive buffers, in kilobytes.
   If not specified, the operating system's default is used. 
-c clients
   Act as multiple clients. Requests are sent from multiple sockets. The default is to act as 1 client. 
-d datafile
   Specifies the input data file. If not specified, dnsperf will read from standard input. 
-D
   Sets the DO (DNSSEC OK) bit [RFC3225] in all packets sent. This also enables EDNS0, which is required for DNSSEC. 
-e
   Enables EDNS0 [RFC2671], by adding an OPT record to all packets sent. 
-f family
   Specifies the address family used for sending DNS packets. The possible values are "inet", "inet6", or "any".
   If "any" (the default value) is specified, dnsperf will use whichever address family is
   appropriate for the server it is sending packets to. 
-h
   Print a usage statement and exit. 
-l limit
   Specifies a time limit for the run, in seconds. This may cause the input to be read multiple times,
   or only some of the input to be read. The default behavior is to read the input once, and have no specific time limit. 
-n runs_through_file
   Run through the input file at most this many times. If no time limit is set, the file will be read
   exactly this number of times; if a time limit is set, the file may be read fewer times. 
-p port
   Sets the port on which the DNS packets are sent. If not specified, the standard DNS port (53) is used. 
-q num_queries
   Sets the maximum number of outstanding requests. When this value is reached, dnsperf will not send any
   more requests until either responses are received or requests time out. The default value is 100. 
-Q max_qps
   Limits the number of requests per second. There is no default limit. 
-s server_addr
   Specifies the name or address of the server to which requests will be sent. The default is the loopback address, 127.0.0.1. 
-S stats_interval
   If this parameter is specified, a count of the number of queries per second during the interval will be printed out every stats_interval seconds. 
-t timeout
   Specifies the request timeout value, in seconds. dnsperf will no longer wait for a response to a particular
   request after this many seconds have elapsed. The default is 5 seconds. 
-u
   Instructs dnsperf to send DNS dynamic update messages, rather than queries.
   The format of the input file is different in this case; see the "Constructing a dynamic update input file" section for more details. 
-v
   Enables verbose mode. The DNS RCODE of each response will be reported to standard output
   when the response is received, as will the latency. If a query times out, it will be reported
   with the special string "T" instead of a normal DNS RCODE. If a query is interrupted, it will be reported with the special string "I". 
-x local_port
   Specifies the local port from which to send requests. The default is the wildcard port (0).

   If acting as multiple clients and the wildcard port is used, each client will use a different random port.
   If a port is specified, the clients will use a range of ports starting with the specified one. 
-y [alg:]name:secret
   Add a TSIG record [RFC2845] to all packets sent, using the specified TSIG key algorithm,
   name and secret, where the algorithm defaults to hmac-md5 and the secret is expressed as a base-64 encoded string.

Lebih Lanjut

Referensi

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=Dnspref&oldid=44281"