On 18/10/16 08:26, Mukund Sivaraman wrote:
We know that IXFR with RPZ policy zones (esp. this DBL zone) causes some
trouble due to a less than desirable design / implementation of RPZ in
BIND. We have a plan to refactor the RPZ implementation for 9.12 to
remove these inefficiencies.
Can you share some details on that? Because I've reported issues
triggered by an XFR of a large RPZ, specifically the Spamhaus DBL, and
I've been variously pooh-poohed and/or told "no-one else has ever
I'm particularly interested if you're aware of a failure mode where CPU
usage can spike MASSIVELY during a large-ish IXFR and cause named to
start dropping queries.
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list