Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

NIOS DNS DHCP IPAM

Reply

DNSSEC Performance Impact on Infoblox hardware

[ Edited ]
Authority
Posts: 9
374     0

Hi all, 

 

I was wondering if anyone could share their experience after configured Infoblox DNS with DNSSEC signing zones. Wonder are there any increase on infoblox hardware performance consumption or incoming DNS traffic? 

If yes, roughly how many percentage should we expected? 

Re: DNSSEC Performance Impact on Infoblox hardware

Techie
Posts: 34
375     0

Highly dependent on the key sizes of certs, how much of load of DNS is DNSSEC, etc

 

In general, when we are sizing this, we can anticipate up to 10-20x impact. The GM is the device that must respond to the signing requests, so historically depending on how much capacity the GM is at, we upsize it one or two appliance models to account for it. 

 

This is best done through the account team / your SA as it will go to a review board and be verified compared against past successful deployments, but indeed it can be a large impact depending on how many zones, what share of requests hit those zones, and what type of performance is required to sign those requests. 

Showing results for 
Search instead for 
Did you mean: 

Recommended for You