DNS versus NAT ?

Viktor Dukhovni ietf-dane at dukhovni.org
Sun Jun 16 13:26:19 UTC 2019


On Sun, Jun 16, 2019 at 06:32:56AM -0400, Viktor Dukhovni wrote:

> With that in place, my unbound server is able to process ~2400 qps,
> without running into any NAT state barriers.

Correction: I happened to tune up my client code a bit over the
last couple of days, and today a rescan of ~56 million previously
unsigned domains looking for new signatures is clocking in at 4050
qps.

The ~2400 qps number was observed while scanning already known signed
domains, where more database processing happens for each one, slowing
things a bit on the client side.

Bottom line, with no NAT in the way, unbound easily manages 4k qps
on comparatively modest hardware.

top(1) shows:

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
  45420 viktor        8  35    0   418M   362M uwait    7 115:09 123.71% danescan
  25483 unbound       2  52    0   964M   678M kqread   3  31.1H  81.28% unbound
  45426 postgres      1  52    0    16G    14G select   1  62:59  67.29% postgres
  45428 postgres      1  52    0    16G    14G select   2  63:00  67.22% postgres
  45427 postgres      1  52    0    16G    14G select   4  62:59  67.20% postgres

Which generates 3.4 Mbps of outbound DNS query traffic and 27.3
Mbps of inbound replies.

-- 
	Viktor.


