Caching DNS Capacity and Performance Guidelines

This chapter provides Caching DNS capacity and performance guidelines for Cisco Prime Network Registrar.

DNS System Deployment Limits

The following are the recommended maximum Caching DNS system configuration sizes for Cisco Prime Network Registrar. A redundant DNS architecture contains multiple servers, so capacity can be expanded horizontally by adding new servers. Although Cisco Prime Network Registrar does not put hard limits on many of its configuration objects, these recommended maximums are intended to ensure a properly functioning DNS deployment.

  • Maximum of 100 DNS Views

  • Maximum of 500 Exceptions and Forwarders

  • Maximum of 3 DNS RPZ Firewall Objects. Note that the RPZ zones can have many thousands of entries.

  • Maximum of 12 DNS Firewall Objects (non-RPZ) with no more than 200 domains each

  • Maximum of 30 DNS64 Objects


Note


To account for situations where one or more servers are unavailable due to maintenance or outage, it is recommended to include excess capacity in the deployment architecture to accommodate the additional load that must be borne by the remaining live systems. The excess capacity to deploy, or the number of backup systems, depends on the level of redundancy that you want to achieve. A minimum of n+1 redundancy is recommended.


Caching DNS System Sizing

A Cisco Prime Network Registrar Caching DNS deployment can be categorized as small, medium, or large depending on the number of servers and query load. The following sections indicate how to provision the Caching DNS server based on the deployment size.


Note


To ensure a properly functioning DNS system, it is important to monitor system disk space and memory.


Small Deployment

  • Typically consists of 2-4 DNS Caching servers. The DNS Caching server may be co-located with the DNS Authoritative server using hybrid mode.

  • Typically fewer than 1,000 queries per second

  • A minimum of 2 CPUs

  • A minimum of 4 GB of RAM

  • A minimum of 10 GB of disk space

Medium Deployment

  • Typically consists of 2-4 DNS Caching servers. DNS Caching servers must be deployed on separate machines or VMs.

  • Typically between 1,000 and 50,000 queries per second

  • A minimum of 4 CPUs

  • A minimum of 8 GB of RAM

  • A minimum of 25 GB of disk space

Large Deployment

  • Typically consists of 4 or more DNS Caching servers.

  • Typically more than 50,000 queries per second

  • A minimum of 8 CPUs

  • A minimum of 16 GB of RAM. The Caching DNS RR cache settings are msg-cache-size and rrset-cache-size, and they may both be increased to 4,294,967,295 bytes.

  • A minimum of 50 GB of disk space

Possible Impacts on Caching DNS Server Performance

The following is a list of common system components and Cisco Prime Network Registrar configurations that may have an impact on performance:

  • Firewalls and connection tracking may have a negative impact on performance, especially in medium to large deployments, where the firewall may drop a significant amount of DNS traffic.

  • Excessive logging: enabling too many log settings, packet logging, or debug logging can decrease server performance.

  • IPv6-only networks configured to also use IPv4. IPv6 networks should be configured in IPv6-only mode to prevent the server from wasting cycles on failed IPv4 communication.

  • IPv4-only networks configured to also use IPv6. IPv4 networks should be configured in IPv4-only mode to prevent the server from wasting cycles on failed IPv6 communication.