Purely from a DNS caching only perspective. Is a standalone BIND or Unbound DNS Caching server much different to Mikrotiks DNS cache feature?
I have 7 towers, each has a mikrotik router acting as a PPPOE server, so I am thinking that I should just increase the cache size to like 10GB (using SD card storage) on each edge mikrotik and that can serve as a DNS cache instead of a central local DNS caching server.
I will appreciate your thoughts
Re: Mikrotik DNS Cache vs BIND9/Unbound server
Your 10GB plan probably won't work, I think it uses only RAM. But it's unlikely that you'd ever need that much anyway, records time out, they don't last forever. But it of course depends on how big network you have.
Other than that, all resolvers are same in principle. If you need only bare basics, no extra features, it's there. I'd be a little worried about performance, but I haven't seen any benchmark. Maybe if you increase default limits for concurrent queries, it could handle it, I don't know. But default values are not very optimistic. It would be interesting to test what it's capable of.
One more thing that could possibly cause problems is the fact that unlike other resolvers, MikroTik's does not keep letter case used in queries and sends lowercase names in responses. It should not matter, but it seems that maybe in some cases it can (there were threads about Playstation problems suggesting that this may be the reason, but no definitive proof).
But if I was ISP, I'd want some extra features like own DNSSEC validation, and that's something that current RouterOS can't offer.
Other than that, all resolvers are same in principle. If you need only bare basics, no extra features, it's there. I'd be a little worried about performance, but I haven't seen any benchmark. Maybe if you increase default limits for concurrent queries, it could handle it, I don't know. But default values are not very optimistic. It would be interesting to test what it's capable of.
One more thing that could possibly cause problems is the fact that unlike other resolvers, MikroTik's does not keep letter case used in queries and sends lowercase names in responses. It should not matter, but it seems that maybe in some cases it can (there were threads about Playstation problems suggesting that this may be the reason, but no definitive proof).
But if I was ISP, I'd want some extra features like own DNSSEC validation, and that's something that current RouterOS can't offer.
Re: Mikrotik DNS Cache vs BIND9/Unbound server
Beautiful reply, that gives me quite a bit to think about.Your 10GB plan probably won't work, I think it uses only RAM. But it's unlikely that you'd ever need that much anyway, records time out, they don't last forever. But it of course depends on how big network you have.
Other than that, all resolvers are same in principle. If you need only bare basics, no extra features, it's there. I'd be a little worried about performance, but I haven't seen any benchmark. Maybe if you increase default limits for concurrent queries, it could handle it, I don't know. But default values are not very optimistic. It would be interesting to test what it's capable of.
One more thing that could possibly cause problems is the fact that unlike other resolvers, MikroTik's does not keep letter case used in queries and sends lowercase names in responses. It should not matter, but it seems that maybe in some cases it can (there were threads about Playstation problems suggesting that this may be the reason, but no definitive proof).
But if I was ISP, I'd want some extra features like own DNSSEC validation, and that's something that current RouterOS can't offer.
Could you elaborate on the following:
1. How size cache would work for about 4000 devices?
2. If I were to try it, how many concurrent sessions and how many tcp connections (the settings of mikrotik dns cache) should I set it to?
I am currently trialing UT DNSbox on a segment of my network. Here are the stats from there:
Code: Select all
New Requests/sec: 1.300
Total Requests/sec: 7.322
DNS Records in Cache: 16,079Re: Mikrotik DNS Cache vs BIND9/Unbound server
I can't tell how much will 4k devices need, it depends on what they do and it can vary greatly. The same goes for concurrency limits. It's not like normal device sends dns queries all the time, so average rate should not be high. You should have some space for spikes, again the same thing.
I'm big fan of trial & error method, so I'd start with smaller segment of network and see what it does there. Or before you jump to that, you can add passthrough rule for port 53 and see what's current packet rate. With default udp, it's one packet per query, so it's easy to count. And tcp should be used much less than udp.
I'm big fan of trial & error method, so I'd start with smaller segment of network and see what it does there. Or before you jump to that, you can add passthrough rule for port 53 and see what's current packet rate. With default udp, it's one packet per query, so it's easy to count. And tcp should be used much less than udp.
Re: Mikrotik DNS Cache vs BIND9/Unbound server
Thanks for that tip about the packet rate. OK I may just give it a shotI can't tell how much will 4k devices need, it depends on what they do and it can vary greatly. The same goes for concurrency limits. It's not like normal device sends dns queries all the time, so average rate should not be high. You should have some space for spikes, again the same thing.
I'm big fan of trial & error method, so I'd start with smaller segment of network and see what it does there. Or before you jump to that, you can add passthrough rule for port 53 and see what's current packet rate. With default udp, it's one packet per query, so it's easy to count. And tcp should be used much less than udp.
Re: Mikrotik DNS Cache vs BIND9/Unbound server
Assuming you would still keep the central DNS server as a sort of primary? Would you then use the tower pppoe concentrators using the main central server to resolve and cache from?
Re: Mikrotik DNS Cache vs BIND9/Unbound server
I use both MikroTik and bind9 caching resolvers in different (parts of) networks, and I think they both work OK.
I use bind9 where I also want local zones, the "static" feature of MikroTik DNS is way too limited (it should provide many more record types).
However, I think you should not expect too much from using such a caching resolver. It will reduce traffic, but probably not by noticable amounts.
In the past, real savings could be made using a caching HTTP proxy. But now that HTTP protocol has fallen out of use (almost all traffic is HTTPS now), this does not work anymore.
I use bind9 where I also want local zones, the "static" feature of MikroTik DNS is way too limited (it should provide many more record types).
However, I think you should not expect too much from using such a caching resolver. It will reduce traffic, but probably not by noticable amounts.
In the past, real savings could be made using a caching HTTP proxy. But now that HTTP protocol has fallen out of use (almost all traffic is HTTPS now), this does not work anymore.
Re: Mikrotik DNS Cache vs BIND9/Unbound server
Resolver closer to user can shave off a millisecond or two from response time (for cached records), which nobody will really notice, but technically it's an improvement.
Who is online
Users browsing this forum: kormenator, mattlach and 196 guests