Posted by Pieter Ennes on December 9th, 2009
Google’s announcement to offer a public DNS service similar to OpenDNS was already discussed exhaustively last week. But we noticed that a lot of people wondered how the different public DNS recursors compare performance-wise, worldwide. We therefore did a small study in this field using the WatchMouse monitoring network.
Test method
We set up monitors for the following public DNS services:
Another one, ScrubIT, turned out to be DOA and was removed from the test as neither of its servers answer queries, even though their blog says “It works!“. Yet another, OpenNIC was left out since its configuration requires a different set of IP addresses in each country. Finally, there are public servers from Level3 with widely known IP’s, but an official web page about this service seems hard to find. We’ve only just started monitoring them and therefore left them out in this test.
For a period of five days, we probed each of the above DNS services for five different records: ‘A’ records for cnn.com (TTL=300), bbc.co.uk (TTL=300) and www.techcrunch.com (TTL=1200); ‘MX’ records for yahoo.com (TTL=7200), and an ‘AAAA’ record for it.ipv6.watchmouse.com (TTL=28800). Each monitor was executed every 5 minutes and was configured to send a single UDP query (with no retries), and time out after 3 seconds without a reply. This set-up was duplicated to monitor two different recursors for each service provider; the obtained results for these were averaged.
For each DNS service roughly 18.000 queries were performed over a six day period (2 servers * 6 days * 288 probes/day * 5 monitors), rotating the 42 locations in our network.
We also added two reference monitors: one utilising a local recursor running on our monitoring station, and another one, dubbed ‘Direct’, querying one of the listed name servers directly.
Results
Before going into the performance details, let’s have a look at the relative number of errors per service:
First thing to note is that a local recursor generates less failures compared to a direct queries to one of the listed name servers, probably due of its ability to cache and prefer fast and correctly functioning servers over ones that are slow or failing. Both DNSAdvantage and OpenDNS do a good job in masking name server errors and minimising lookup time-outs; their failure rate was below 5‰. DNSResolvers seems to have a common failure rate of just under 10‰. Google’s free service, on the other hand, fails to return records within the 3 second time-out in about 15‰ of the queries. That’s worse than a direct query (13‰) to one of the provider servers or through a local resolver (9‰). And it’s three times as high as the two other major competitors.
When we consider the performance of the queries that did receive a valid response, it can be seen that a query through a local resolver is a little bit slower than using a direct query, again on average, worldwide. The difference of ~20ms, however, cannot easily be explained by taking into account the (negligible) round trip time of the UDP query to the local host. The variance in performance from the local resolver is also increased, so it would be likely that other factors play a role here.
DNSResolvers either have very busy servers, or do not seem to do a good job in reducing network latency. Their performance is nearly twice as bad compared to using the local resolver. Most likely their service does not facilitate something called Anycast to route queries to a nearby data centre. The remaining providers do use anycasting, and clearly have an advantage because of this.
Discarding time-outs, Google’s public DNS (59ms on average) definitely is the best in terms of performance, with OpenDNS in a photo finish with a 80ms score. But also the services offered by DNSAdvantage display solid sub-100ms performance with 93ms.
Discussion
Most of the tested host names were either for high-volume sites or had large TTL’s, causing public caches to be easily primed and expose their qualities. OpenDNS, Google and DNSAdvantage all show that they master this and have better lookup times than a local resolver or a direct query.
To avoid influences of second order effects, the measurements were done using only a single UDP query in each probe. By doing so, we were able to separate real query performance from packet loss and server failures. In real life, however, a typical PC would retry the query after a certain time (~5 seconds). Our DNS monitors can do this, but this would cause the failures to be blended into the performance measurements, inducing an (arbitrary) bias from the chosen time-out setting.
Also, real people (or offices for that matter) are most often not in multiple places at the same time. Thus in real life one would be more interested in what the best service provider is in your area. We hope to have some time for a second blog item on this in the near future, with typical user settings, and a breakdown per area.
Measuring averaged worldwide performance the way we did now is still nice as a synthetic benchmark. So for fun, and because everyone finds DNS response times very important, we can introduce a DNS time wasting score. Based on, say, an 100 sequential lookups per day for an average user and a time-out of 3 seconds, the failures induce extra waiting time and influence the score:
| Rank |
Provider |
Daily quality score |
| 1 |
OpenDNS |
100 lookups/day * (80ms + 4.8‰ * 3s) = 9.4 seconds/day |
| 2 |
Google |
100 lookups/day * (59ms + 15‰ * 3s) = 10.4 seconds/day |
| 3 |
DNSAdvantage |
100 lookups/day * (92ms + 4.4‰ * 3s) = 10.6 seconds/day |
| 4 |
Local |
100 lookups/day * (157ms + 8.6‰ * 3s) = 18.2 seconds/day |
| 5 |
DNSResolvers |
100 lookups/day * (289ms + 9.5‰ * 3s) = 31.7 seconds/day |
(10 seconds per day adds up to roughly one hour of DNS waiting per year)
Conclusion
Three of the researched providers clearly are competitive in terms of ‘clean’ performance and offer a useful service to the public. But the number of failures shown in the first chart must be considered as an intrinsic part of the quality of service.
And this is where Google, with a 3 times higher failure rate, seems to have more problems than OpenDNS and DNSAdvantage. For 15 out of 1000 host name lookups, Google fails to respond within 3 seconds (or the packet is just lost), causing an extra lookup after a time-out and an observed lookup time of multiple seconds. It seems that the Google service is fast indeed, but not the most reliable.
Want to monitor DNS too? WatchMouse offer DNS monitoring in their packages!
Posted by Pieter Ennes on November 18th, 2009
Today, we received the final results from the second IPv6 questionnaire we sent out to our hosting partners.
While the results of the first poll, which was held back in 2007, revealed a total lack of interest in IPv6 at the time, the new results (two years later) show something different.
To summarize, almost 40% of our current partners offer native IPv6 already, or expect to be able to do so within the next six months. The table below shows a breakdown for different regions in the world:
| Region |
# hosters |
IPv6 penetration |
| North-America |
7 |
14% |
| Europe |
18 |
50% |
| Asia & Australia |
7 |
43% |
| Rest of world |
2 |
0% |
| Total |
34 |
38% |
Even though our statistics are coarse, the results seem to indicate a lack of interest in the North-American area. But they also show that in both Europe as well as in Asia and Australia, penetration is much better. Almost 50% of the parties in Europe can feed us with native IPv6 down the wire within six months. Go go go!
Are you a hosting provider offering quality IPv6-enabled hosting services in an area that is not currently covered by our network? Please do send us a note!
UPDATE: We’re very pleased to hear that WatchMouse were selected as one of the finalists for the Dutch IPv6 awards today!
Posted by Pieter Ennes on October 19th, 2009
Update: Post updated for v0.2…
Hi folks,
While our own migration to IPv6-enabled monitoring is progressing nicely, we are making available our version of some rudimentary MySQL User Defined Functions (UDF’s) that allow you to work with IPv6 addresses in pre-6.0 versions of MySQL.
The currently implemented functions are inet6_pton() and inet6_ntop() to convert IPv6 (and IPv4) addresses between presentation and numeric (or binary) form directly in SQL. The former function converts a readable IP address string to a binary representation of either 4 bytes (IPv4) or 16 bytes (IPv6) long. The latter function does exactly the opposite, as shown in:
mysql> select inet6_ntop(inet6_pton('2001:4860:a005::68'));
+----------------------------------------------+
| inet6_ntop(inet6_pton('2001:4860:a005::68')) |
+----------------------------------------------+
| 2001:4860:a005::68 |
+----------------------------------------------+
1 row in set (0.00 sec)
mysql> select inet6_ntop(inet6_pton('1.2.3.4'));
+-----------------------------------+
| inet6_ntop(inet6_pton('1.2.3.4')) |
+-----------------------------------+
| 1.2.3.4 |
+-----------------------------------+
1 row in set (0.00 sec)
mysql> select
length(inet6_pton('1.2.3.4')) as ipv4len,
length(inet6_pton('2001:4860:a005::68')) as ipv6len;
+---------+---------+
| ipv4len | ipv6len |
+---------+---------+
| 4 | 16 |
+---------+---------+
1 row in set (0.00 sec)
You can neatly store the output of inet6_pton() in a VARBINARY(16) column (using a VARCHAR(16) would not be wise because because of possible character set conversion problems).
Of course, there are many ways one could store IPv6 addresses in a database, but the method described here seems to work best for us and is unlikely to conflict with any native support for IPv6 that MySQL will implement in future versions. Furthermore, the binary notation seems to work nicely with ranges, so you can use WHERE ip BETWEEN a AND b to do something like:
mysql> select * from log
where ip between inet6_pton('2001:db8::') and inet6_pton('2001:db9::');
to get all IP addresses in the 2001:db8::/32 range.
We’ve also included two address lookup functions that are IPv6 compatible:
mysql> select inet6_lookup('www.watchmouse.com');
+------------------------------------+
| inet6_lookup('www.watchmouse.com') |
+------------------------------------+
| 2001:1938:80:73::2 |
+------------------------------------+
1 row in set (2.08 sec)
mysql> select inet6_rlookup('2a02:f8::ffff:ffe5'), inet6_rlookup('64.128.190.61');
+-------------------------------------+--------------------------------+
| inet6_rlookup('2a02:f8::ffff:ffe5') | inet6_rlookup('64.128.190.61') |
+-------------------------------------+--------------------------------+
| it.watchmouse.com | ny.watchmouse.com |
+-------------------------------------+--------------------------------+
1 row in set (0.07 sec)
As you can see, inet6_lookup takes a host name and converts it to a readable IP address. The reverse lookup function, inet6_rlookup, works on both binary as well as human readable IP addresses (since v0.2).
The inet6_pton() and inet6_ntop() functions should be quite fast, but as each call to inet6_lookup() involves a DNS lookup, the lookup functions can make your queries extremely slow. Make sure you LIMIT your result set to something sensible. In general, I would not recommend to use the lookup functions in production code as I don’t know the impact of these queries on MySQL’s performance.
Once the UDF’s are installed in the MySQL plugin directory, they can be loaded at runtime using:
mysql> CREATE FUNCTION inet6_ntop RETURNS STRING SONAME "mysql_udf_ipv6.so";
mysql> CREATE FUNCTION inet6_pton RETURNS STRING SONAME "mysql_udf_ipv6.so";
mysql> CREATE FUNCTION inet6_lookup RETURNS STRING SONAME "mysql_udf_ipv6.so";
mysql> CREATE FUNCTION inet6_rlookup RETURNS STRING SONAME "mysql_udf_ipv6.so";
These functions have helped us with our immediate needs for managing IPv6 addresses in our DBMS, and hopefully they can help you too. We have some more improvements in mind, so stay tuned if you’re interested!
The current version of the UDF’s can be downloaded from:
mysql-udf-ipv6-0.2.tar.gz
Note: Compilation was tested on Debian etch+lenny, Ubuntu jaunty+karmic, and on FreeBSD. If you get it running on other platforms, send us a patch!
Pieter Ennes
WatchMouse
Posted by stan on October 13th, 2009
Earlier today we promoted the 1.6 version of the WatchMouse API to ’stable’. Next to some minor fixes, the new API now fully supports IPv6 and UTF-8.
The WatchMouse API enables developers to tie in features of the WatchMouse monitoring service in their own application or website. Using the API you can access the data and functions of the WatchMouse services.
Some example uses of the API:
- Perform a check of your site from one of the worldwide monitoring stations of WatchMouse
- Access your WatchMouse account and set up, activate, modify, or remove site monitoring rules
- Schedule a Vulnerability Scan for your server
- Send an SMS from one of the many SMS gateways of WatchMouse
- Perform a traceroute from one of these stations to an IP address of your choice. The just-trace site was build using these services.
- Find where a certain host is located (IP to location)
- Compute how much 10 Euro is in US Dollars.
- …
IPv6 support
IPv6 is an important feature in this release, and it actually took more than just the API to fully support it. We upgraded monitoring stations, the core monitoring software, our website, and the databases in our back-end systems to make it all work. And let’s not forget the hosting providers for our 40+ stations world wide. But that’s a story worthy of a full post coming soon 
For most API calls you will need a WatchMouse account (or an account with one of our partners) and the number of calls is rate-limited on hourly or daily basis, but some calls can be used anonymously too. See the Access to the API chapter for details.
Your mashup here
Already a number of mash-ups were created, like the Just-ping site and the Down-or-Not site, and we will see a number of other applications down the road. If you use our API, just let us know in a comment below, and don’t forget to list it as a mash-up at Programmable web!
For documentation, please read on here:
Hope to see a thousand applications bloom!
Stan P. van de Burgt
Posted by Pieter Ennes on September 8th, 2009
Which hosters are running IPv6, and what monitoring tools are needed? We are trying to find out!
With a bit of a delay we want to share the results of a poll we held among the hosting providers of our monitoring network in the beginning of 2008. We asked them whether they could offer native IPv6 to our stations, and if not, when they could.
The results were interesting, as none of them could at that time deliver native v6 traffic right down to our stations, and only two were up for a joint experiment with us. Very few responded that they had IPv6 on the roadmap at all; the rest indicating that they had not thought about it yet. Two responded that they were in fact waiting on some IPv6 address space from APNIC. Assuming that our selection of (at that time 25) providers is representative for hosters in general, pioneers are still in bad shape if they depend on upstream network infrastructure.
So what has changed since then? The AMS-IX IPv6 bandwidth charts for 2009 show that there has only been a minor increase in v6 traffic recently. You can also see that IPv6 traffic still accounts for only a tiny 0.2% of the total traffic volume. We will conduct a second poll now to see if matters have changed, although the above statistics are pessimistic. I will update this blog with a more detailed comparison study when we have new results.
With respect to WatchMouse, we think early adopters should have at least access to tools to monitor all the aspects of their systems during their transition to IPv6. We therefore are currently aggressively making our own infrastructure IPv6-ready to offer IPv6 monitoring as good as we can. For locations where we find no support from our upstream providers, we will be using v4 tunnels through HE, SixXS and other providers. Besides that, our developers are currently testing the necessary code changes for full IPv6 deployment.
Some of the things we are working on right now:
- Finalizing deployment of a IPv6 capable monitoring network using tunnel brokers
- Make our core systems, databases and checker software ready for IPv6
- Conduct a second poll amongst our hosters to verify the current state of v6 penetration
- Make the WatchMouse website itself available on v6
We will post any interesting information regarding our progress in this blog when we have it. In the meantime, we would like to ask what kind of tools you would need from us to be able to monitor your own transition; why not leave a comment on this site!
