Performance analysis of Identity Management (IdM) with encrypted DNS (DoT) in OpenShift 4.20 reveals significant throughput differences across protocols. Direct resolution achieves 304k QPS with UDP, 253k with TCP (17% drop), and 188k with DoT (37% total drop from UDP). Indirect resolution through CoreDNS caps at 119k QPS.

35m read time. From developers.redhat.com
Table of contents
Architecture of the setup and tuning of IdM
Create a records.txt DNS record
Prepare the Pods
Initial tests
A bottleneck in the logs
Enable busy polling
Direct Resolution: UDP tests
Direct Resolution: TCP tests
Direct Resolution: DNS over TLS (DoT) tests
Comparative benchmarks of Direct Resolution scenario
Conclusions of Direct Resolution
Indirect Resolution
Indirect Resolution: UDP tests from Pod client to CoreDNS (leg 1) against IdM UDP (leg 2)
Indirect Resolution: UDP tests from Pod client to CoreDNS (leg 1) against IdM eDNS (leg 2)
Comparative benchmarks of Indirect Resolution scenario
Conclusions of Indirect Resolution
Conclusion
