Here are some DNS-OARC development highlights from the past couple of months. These updates are usually bi-monthly and previous ones are available on our Medium blog.
dnscap v1.10.3
This release fixes the inclusion of all plugins for the Debian and Ubuntu packages. They (especially the new anonymization plugins) were missed due to being specified one by one in the control files. The package will now include any plugin built.
dnsmeter
As announced yesterday, DNS-OARC is pleased to be the new home of dnsmeter!
This tool was developed at DENIC eG by Patrick Fedick and is used for performance measurements on DENIC’s DNS platform. With the correct network setup it can use raw sockets to simulate a wide arrange of clients over UDP. This allows DENIC to simulate a query pattern which is close to their production environment.
You can specify a network from which to randomize clients addresses, or give it a PCAP and it will use the addresses found in that. There are more options to do load steps rate limiting, in order to see where the break points are, and options to run a percent of the traffic with DNSSEC enabled.
Queries are loaded from a text file, similar to dnsperf, or extracted from a PCAP and the results can be saved in a CSV file.
The first release of dnsmeter (v1.0.0) was made after reworking the repository and including all things necessary for making packages. However, while making this development update I wanted to include screenshots (below) of running dnsmeter but ran into a few issues.
One issue was a dependency problem causing dnsmeter to throw an exception when using it. Another issue was that it missed the first 8 bytes in a text payload, due to how it detects PCAPs, and then various display bugs, such as RTT calculations. All issues have been fixed and are included in the v1.0.1 release.
Packages of dnsmeter are available for many of the major Linux distributions and it’s easy to install, for example on Ubuntu:
$ sudo add-apt-repository ppa:dns-oarc/dnsmeter
$ sudo apt-get install dnsmeterrunning dnsmeter
The following screenshot uses dnsmeter to test a local resolver (-z) with addresses from a /24 network (-s). The queries comes from a payload text file (-p) and the test runs for 3 seconds (-l).
As you can see in this dnscap capture, when running the above test, the addresses and ports are randomized.
In the next example we use the load step rate limiting (-r) to do two tests, one with a maximum QPS of 50,000 and another with 100,000. Compared to above, these tests only runs for 1 second (-l) and has a lower timeout (-t) then default (2 seconds) to get the output down a bit.
OARC 31
Our next workshop in Austin is coming up fast! I will have the usual setup close by the registration desk, with two raspberries running our software that will give you a chance to get some hands-on. One of the highlights for this conference is that I will make a live demo of dnsmeter available so you can see it in action! Hope to see you there!
If you have not already registered to attend, early bird available until 23:59 CDT on Wed 9th Oct (05:59 UTC on Thu 10th Oct), please do so via:
<https://www.dns-oarc.net/oarc31>DNSTAP library
After OARC 31, one of my main focus for the remainder of this year will be to make the DNSTAP library, as discussed at OARC 30, and implement it in dsc and dnscap.
I had wished to have a skeleton library already available to show at OARC 31 but time hasn’t permitted that. Hopefully I’ll have most of the bugs cleared out for a demo at OARC 32 which takes place, just in a few months(!), on the 8th of February in San Francisco, just before NANOG 78.
<https://www.dns-oarc.net/oarc32>Cheers,
Jerry
