As the first stop for all application traffic, DNS performance and resiliency are critical to modern application delivery. The need for monitoring and testing DNS capabilities has grown in importance, but while building its new DNS servers, NS1 found existing tools didn’t allow for realistic traffic patterns and real-world testing environments.
“Like many popular open source tools, Flamethrower was created to address a need we had internally at NS1,” said Shannon Weyrick, vice president of architecture at NS1.
“Our engineering team required a versatile tool for DNS server development and load testing, but existing solutions didn’t have the features we needed, which limited our ability to perform realistic tests. We built Flamethrower to enable complex testing for DNS performance and functionality so that traffic teams can gain a better understanding of the impact of potential changes to applications and infrastructure in actual production situations.”
Flamethrower supports IPv4, IPv6, UDP, TCP, DNS over TLS, as well as experimental support for DNS over QUIC. It has a modular system for generating the queries used in the tests, allowing for rich and realistic test scenarios that can plug into automation pipelines.
It simulates multiple concurrent clients and generates actionable metrics, including send and receive counts, timeouts, errors and data on minimum, maximum and average latency. The metric output format is suitable for ingestion into databases, such as Elastic, for further processing or visualization.
Early testers within the open source community, including Sara Dickinson of Sinodun IT, have offered positive feedback about the new tool.
“We are delighted to see an open source effort on a new DNS performance tool, and especially because Flamethrower was designed from the ground up to support multiple transport protocols for DNS rather than being UDP centric,” Dickinson said.
“The recent rapid development of new transports for DNS makes Flamethrower a valuable tool for implementors and operators to evaluate the latest DNS software.”
Flamethrower can adjust its queries per second flow over time, which is useful for generating a “signal” of traffic (e.g., a square wave) for calibrating time series metrics collection. It can also be used to mimic the surges in traffic an organization might see during a DDoS attack or stress test systems for failover, making it an ideal tool for wargaming and chaos engineering.
Casey Rosenthal, a renowned author, chaos engineering expert, and former engineering manager for the Traffic and Chaos Teams at Netflix, said Flamethrower’s ability to replicate realist traffic patterns provides substantial value to traffic teams.
“I wish this tool had been available when I managed traffic teams; we could have used this to validate our methodologies for regional failover,” said Rosenthal, who now serves as CEO and co-founder for Verica.io.
Flamethrower can be built from source, and is available via several OS packaging systems and on Docker Hub. As it’s an open source project, community contributions are welcome and encouraged. The source code is hosted on GitHub alongside other DNS-related tools at the DNS-OARC (Operations, Analysis, and Research Center) community.