Open PenelopeFudd opened 5 months ago
Benchmarking one client:
$ time dig +short +nokeepopen -k /tmp/foobar.tsig @127.0.0.2 txt $(yes hello.doh-test.com |head -20000) | wc -l
20000
real 0m12.557s
user 0m7.154s
sys 0m4.883s
Benchmarking 100 clients with 2000 requests each:
$ time parallel -j 100 dig +short +nokeepopen -k /tmp/foobar.tsig @127.0.0.2 txt $(yes hello.doh-test.com |head -2000) > /dev/null ::: $(seq 1 100)
real 0m21.112s
user 0m30.589s
sys 1m21.671s
Looks like 9473 QPS
Describe the feature
We'd like to benchmark using TSIG on requests to see if it's faster than DoH or any of the other encrypted protocols.
Why do you need this feature
We've got a client who's worried about replay attacks, and requests that we support 200,000 requests per second with 100ms latency. We've achieved that with plain UDP, now we just have to get some sort of replay protection set up. DoH, DoT, DoQ and DNSSEC all provide that, but we're having problems reaching the necessary speed, and are hoping that TSIG will do the trick.
Since "Hope is Not a Plan", we're going to have to benchmark it.
The equivalent dig command is: