Statement of Work: Internet Systems Consortium

Executive summary: ISC will build a testbed whose magnitude and capacity match a typical collection of TLD servers (not including anycast mirrors). We will replicate the root and .com zones in the testbed, and will present various loads and measure performance under those loads. The loads presented will not just be simple lookups, but will include various mixes of database updates, with and without various DNSSEC extensions.

Sponsored by:
National Science Foundation (NSF)

Principal Investigator: kc claffy

Funding source:  NSF 0427144 Period of performance: September 15, 2004 - August 31, 2009.

Tasks and deliverables for the entire effort: (project website will be updated weekly, even if the update is only to change the "date last updated" indication.)

Task NumberTask Description
Task 1 Design and document testbed. Specify and order necessary hardware. Testbed will allow simulation of a universe of 13 TLD servers, using computers of appropriate speed interconnected by a non-blocking switch. Testbed will include enough client computers to present a full simulated load, and will have a control machine and a separate logging machine. Create and announce a project website that will contain a project description, status, and results.
Task 2 Acquire a test request stream by recording 72 hours of F root traffic. Subsets of this test stream will be used for performance measurements.
Task 3 Build testbed. Install and configure the servers and interconnects. Try various operating systems under various configuration settings, including at a minimum FreeBSD, Linux, NetBSD, and Solaris. Get the testbed working with BIND under each such OS using a copy of the live .com database, and measure performance under each.
Task 4 Augment test request stream to produce hybrid streams that include database update requests in addition to the lookup requests contained in the captured stream. Produce three hybrid stream mixes, for low, medium, and high rates of update.
Task 5 Repeat Task 3 using a presented load of database updates, not simple name lookups. Repeat this test for various DNSSEC extensions to the protocol. Take measurements at widely varying load magnitudes, and, in every case, push it until the system collapses in order to locate the collapse points.
Task 6 Depending on the results of Task 3, possibly repeat Task 4 for other OS bases.
Task 7 Make the testbed hardware available to OARC members for research measurement projects. Any significant software developed will be provided 'open source'.
Task 8 Produce an ISC tech report outlining this experiment and detailing the results. Submit descriptions of the datasets to Produce an online version of this tech report that describes the measured operational characteristics of DNSSEC.

Deliverable NumberDeliverable DescriptionDue date
Task 1 Testbed design document completed. Hardware ordered. Deliverable is design document and hardware order. 15 Oct 2006
Task 2 72-hour test request stream acquired and characterized. Deliverable is stream characterization. 6 Nov 2006
Task 3 Testbed built and tested with request stream using BIND under FreeBSD, Linux, NetBSD, and Solaris. Deliverable is short table of performance limits (breaking point) for each configuration. 5 Mar 2007
Task 4 Augmented request streams produced and characterized. Deliverable is the characterization of each hybrid stream. 12 Mar 2007
Task 5 Tests completed with hybrid request/update streams, documenting performance limits for each. Deliverable is the collection of performance results for each stream at various rates. This is the key result of the entire experiment. 21 May 2007
Task 6 Discuss with CAIDA whether or not to test alternate platforms. If decision (based on the results of Task 3) is to test them, then this task is similar to Task 5, but for different platform(s). (TBD)
Task 7 Announcement of testbed system availability and (if any) open- source software availability. 25 Jun 2007
Task 8 Deliverable is the ISC tech report and announcement to Website characterizing DNSSEC announced. 17 Aug 2007


  • Design and construction of a full-scale global DNS testbed
  • Capture and characterization of 72-hour request stream, and creation from it of three hybrid test
  • streams that have varying amounts of update traffic mixed in with the request traffic.
  • Characterization and performance testing of request-only stream to testbed.
  • Characterization and performance testing of hybrid request/update streams to testbed.
  • Publication of ISC tech report with all research results.

Period of Performance: September 1, 2006 to August 31, 2007

Last Modified