Knot DNS merge requestshttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests2017-05-28T20:05:36+02:00https://gitlab.nic.cz/knot/knot-dns/-/merge_requests/593Qp trie integration2017-05-28T20:05:36+02:00Daniel SalzmanQp trie integrationSee !574 for more detailsSee !574 for more detailsVladimír Čunátvladimir.cunat@nic.czVladimír Čunátvladimir.cunat@nic.czhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/688journal: added journal-fast option by LMDB flags for many-zones slaves to spe...2017-06-19T19:02:55+02:00Libor Peltanjournal: added journal-fast option by LMDB flags for many-zones slaves to speed up axfrDaniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/818Nsec sign changesets2017-10-02T09:22:03+02:00Libor PeltanNsec sign changesetsThis shall speed up small updates to big signed zone.
The previous procedure is:
- recreate all the NSEC(3) records in the zone
- compare to the existing NSEC(3) records, making a diff
- sign this diff
The new procedure is:
...This shall speed up small updates to big signed zone.
The previous procedure is:
- recreate all the NSEC(3) records in the zone
- compare to the existing NSEC(3) records, making a diff
- sign this diff
The new procedure is:
- recreate only NSEC(3) records (neighbouring to) records mentioned in the changeset
- sign the changed records
The observed total speed-up of a little zone update to a huge signed zone was around 15%, but there are also other problems not related to NSEC(3) chain reconstruction.
Fixes #119Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/875kdig: polling on TLS connections2018-01-18T20:17:17+01:00Mark Karpilovskijkdig: polling on TLS connectionsSolves Issue #561Solves Issue #5612.7.0Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/880Journal optimization2018-03-15T22:35:22+01:00Libor PeltanJournal optimization2.7.0Mark KarpilovskijMark Karpilovskijhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/906NSEC3 optimization2018-06-13T12:19:35+02:00Libor PeltanNSEC3 optimizationAn optimization of NSEC3 responses. This might make us almost as fast as NSD ;)
We pre-link on load time the nodes with their respective wildcard-proving NSEC3s.
Details:
On NSEC3 NXDOMAIN answer, we need to compute three NSEC3 ha...An optimization of NSEC3 responses. This might make us almost as fast as NSD ;)
We pre-link on load time the nodes with their respective wildcard-proving NSEC3s.
Details:
On NSEC3 NXDOMAIN answer, we need to compute three NSEC3 hashes:
1 for the name in question
2 for closest encloser
3 for wildcard child of closest encloser
Actually, 2 and 3 can be pre-computed. In Knot, only 2 had been pre-computed, this adds 3.2.7.0Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/954Adjust refactor2018-12-04T15:20:29+01:00Libor PeltanAdjust refactorZone nodes' adjusting refactored to be nore uncluttered. Also removed some redundant calls to adjusting, which should speed up updates.
Anyway, it's mostly not possible with small updates to big zone, adjusting just the affected nodes...Zone nodes' adjusting refactored to be nore uncluttered. Also removed some redundant calls to adjusting, which should speed up updates.
Anyway, it's mostly not possible with small updates to big zone, adjusting just the affected nodes. Many adjustables are regarding very indirect nodes' relationships, so removing one node (e.g. a glue or a nsec3 wildcard proof) affect indirectly many nodes.2.8Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/956Parallel signing2019-01-09T17:25:43+01:00Libor PeltanParallel signingThree separate commits:
- first one might be important also as a bugfix(?), avoiding overwriting shared buffers while signing rrsets in parallel threads, which is already the case in onlinesign
- second one implements parallel signin...Three separate commits:
- first one might be important also as a bugfix(?), avoiding overwriting shared buffers while signing rrsets in parallel threads, which is already the case in onlinesign
- second one implements parallel signing of the zone. The speedup observed was almost proportional.
- third one implements parallel signing of changes to the zone, but its benefit is very questionable because the updates are veeeery slow outside of the signing routine.
Fixes #186 2.8Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/974adjusting incremental updates: direct nsec3 pointers only for changed nodes2019-01-23T13:58:48+01:00Libor Peltanadjusting incremental updates: direct nsec3 pointers only for changed nodes2.8Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/973trie/zone: implemented trie duplication, faster zone shallow copy2019-01-23T17:14:25+01:00Libor Peltantrie/zone: implemented trie duplication, faster zone shallow copy2.8Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/976Nsec3 wc adjust only name2019-02-06T17:08:49+01:00Libor PeltanNsec3 wc adjust only nameRecently, Knot's negative NSEC3 responses' performance has been greatly improved by pre-computing NSEC3 wildcard proofs during adjust phase. This was done by pointing to wildcard-nonexistence-prooving NSEC3 node from each normal node. Ho...Recently, Knot's negative NSEC3 responses' performance has been greatly improved by pre-computing NSEC3 wildcard proofs during adjust phase. This was done by pointing to wildcard-nonexistence-prooving NSEC3 node from each normal node. However, this makes much mess with zone updates: even a tiny update to the zone might influence this proof for many other nodes. Therefore, instead of pointing directly to proving node, we just store wildcard-nonexistence-prooving NSEC3 *name* in each normal node, and find the proving node during answering. This makes 1) NSEC3 NXDOMAIN answering few percent slower; 2) general memory consumption for NSEC3 zones cca 15 percent higher; 3) possible to adjust only affected nodes' wildcard-nonexistence-prooving pointers when update (useful as a milestone for implementing COW-trie updates).2.8Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/977Adjust optimization2019-02-06T19:10:13+01:00Libor PeltanAdjust optimization2.8Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/962Lmdb refactor2019-02-07T16:37:18+01:00Libor PeltanLmdb refactorNew interlayer between LMDB backend and journal (and further databases), with focus on ease-of-use and centralised error handling.
Some (minor?) performance improvements by avoiding copying stuff. For example merging changesets has ha...New interlayer between LMDB backend and journal (and further databases), with focus on ease-of-use and centralised error handling.
Some (minor?) performance improvements by avoiding copying stuff. For example merging changesets has half usage of memory.
Journal completely rewritten with focus on code readability and modularity.
Kasp DB and Zone timers also use new LMDB interlayer to maintain compatibility and slightly improve the code.2.8Mark KarpilovskijMark Karpilovskijhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/982Optimize geoip query processing2019-02-26T16:38:13+01:00Mark KarpilovskijOptimize geoip query processingOptimizations of the geoip query processing using binary search and a simplified trie-like structure of the geo_view array (with tree edges pointing only upwards to the root) result in a 13% increase in number of processed queries at 2M ...Optimizations of the geoip query processing using binary search and a simplified trie-like structure of the geo_view array (with tree edges pointing only upwards to the root) result in a 13% increase in number of processed queries at 2M qps without DNSSEC and 10% increase with DNSSEC in our benchmarking environment.2.8Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/988Implementation of COW trie for zone updates2019-04-26T15:58:28+02:00Libor PeltanImplementation of COW trie for zone updates2.9Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/1001Resign optimi2019-05-05T20:53:32+02:00Libor PeltanResign optimisee commits' messagessee commits' messages2.9Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/1003dnssec/nsec_update: trivial optimization2019-05-05T21:03:59+02:00Libor Peltandnssec/nsec_update: trivial optimization2.9Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/1004Additionals reverse tree2019-05-14T20:55:56+02:00Libor PeltanAdditionals reverse treethe tree is like a key-value database, with the key being a domain name
of a record which is an additional for a record in the zone
while the name might be not in the zone; the value is a deduplicated dynarray
of pointers to zone nodes, ...the tree is like a key-value database, with the key being a domain name
of a record which is an additional for a record in the zone
while the name might be not in the zone; the value is a deduplicated dynarray
of pointers to zone nodes, for which it actually is an additional
whenever in an incremental update a record is changed/added
with the name of an additional, all the listed nodes
must be re-adjusted (re-discovered additionals
previously, we always re-discovered additionals for whole zone2.9Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/1005optimization: adjusting: mesure zone size incrementally for updates2019-05-16T13:04:05+02:00Libor Peltanoptimization: adjusting: mesure zone size incrementally for updates2.9Daniel SalzmanDaniel Salzmanhttps://gitlab.nic.cz/knot/knot-dns/-/merge_requests/1012nsec/nsec3: refactor of incremental updates2019-05-23T10:49:57+02:00Libor Peltannsec/nsec3: refactor of incremental updates2.9Daniel SalzmanDaniel Salzman