On 18/10/16 08:26, Mukund Sivaraman wrote:

We know that IXFR with RPZ policy zones (esp. this DBL zone) causes some
trouble due to a less than desirable design / implementation of RPZ in
BIND. We have a plan to refactor the RPZ implementation for 9.12 to
remove these inefficiencies.

Can you share some details on that? Because I've reported issues triggered by an XFR of a large RPZ, specifically the Spamhaus DBL, and I've been variously pooh-poohed and/or told "no-one else has ever reported that".

I'm particularly interested if you're aware of a failure mode where CPU usage can spike MASSIVELY during a large-ish IXFR and cause named to start dropping queries.
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list

Reply via email to