OT - Small DNS "appliances" for remote offices.

That option is expensive in power fees...

If you're already installing a Cisco router, maybe look at an SRE-V module? You could install a VM/OS on the router.

Not to mention reliability issues with old machines...fans failing, leaky capacitors, etc, etc.


The Pi is low-powered in more ways than one. Last fall I ran some
(admittedly fairly simple minded) DNS benchmarks against a Raspberry
Pi Model B and an ODROID U3.

Particularly if you have DNSSEC validation enabled, the Pi is
underwhelming in performance (81 qps in the validation case, 164

The U3 is circa 325 qps with or without DNSSEC validation on, which
suggests that something else other than crypto-computes is the long
pole in the tent.

Hi Rob,

Interesting. The odroid has a 1700 mhz processor, the pi a 700 mhz
processor. Except for the validation anomaly your results are

Caveats: This is just returning NXDOMAIN against a TLD for which
(after the first run) there is already cached information that the TLD
is bogus, so this test doesn't involve traffic actually leaving the box.

Given your testing methodology, the difference between validating and
non-validating makes no sense to me. Once the records are cached bind
should only be passing a flag around? Weird.

For any site where you would use a Pi as the DNS cache, it won't be an
issue. DNS isn't that heavy at those query rates.

Yes and no. DNS is a lynchpin service. All connections stall until the
DNS provides an IP address. So you kinda want low latency in your DNS
lookups. If a fast server three hops away can respond faster than a
slow server on the same LAN, the server three hops away is a better

A point in favor of the Raspberry Pi -- there's a heckuva lot of
accessories already built for it. Including various cases and even a
few different rackmount cases. And a wealth of "how do you do it?" and
"why did it do this?" information available with just a few google
search terms. The communities supporting the other hardware options
are not nearly so large.

Bill Herrin

Consider change your resolver to Unbound.
Much better.