[Opendnssec-user] To MySQL or not?

Berry A.W. van Halderen berry at nlnetlabs.nl
Tue Feb 28 22:22:05 UTC 2017


On 02/28/2017 07:47 PM, Roman Serbski wrote:
> OpenDNSSEC 1.4.x with SQLite under FreeBSD 10.3-STABLE serving ~50
> domains (potentially +30 this year). There are no more than 5 entries
> per domain with the default ZSK/KSK roll-over (90 days/1 year).
> 
> Although there are no issues with the performance/locking whatsoever,
> I was wondering at which stage would you recommend to look into MySQL
> direction? Is this linked to the number of domains or how busy they
> are?

Perhaps people with far more operational experience can join in, as
experience may vary here.  But my general observations are that
SQLite3 is faster than MySQL if using a default installation.

This is not because SQLite is better than MySQL.  In fact I think that
MySQL should be able to scale better and have a more stable performance
in the end.  For large installations (10000s of domains rather than less
than 100) and with some planned improvements, MySQL should perform
better than SQLite3 in the long run.

But this will be marginal for the enforcer database and in general
SQLite will outperform a real database.  Not because it is better, but
because SQLite in an embedded database.  Without embedding a database
you will always get overhead.

But this overhead of an external database also gets you the goodies
that you might want in a production environment.  The additional
cost in overhead isn't too bad.
As with MySQL you get easy and trusted backup procedures (without
having to take the enforcer off-line), replication/high availability.
Permissions, authorization, remote access.
Normally the choice for an external database is required because of
the need to embed the operation into an existing infrastructure,
rather than for the true need of the application in your current
set up.

Personally, but this isn't my or my groups advice, I would use
SQLite3 for now and migrate to MySQL when version 2.3 (no mistype)
later this year and I think at that time there will be
performance benefits to be obtained for >10000s of domains.

> And the second question: anyone here using MySQL with ndbcluster
> engine? Any hints/performance observations?

No experience here.

\Berry




More information about the Opendnssec-user mailing list