Hi Phil On Tue, Oct 18, 2016 at 09:15:45AM +0100, Phil Mayers wrote: > On 18/10/16 08:26, Mukund Sivaraman wrote: > > > We know that IXFR with RPZ policy zones (esp. this DBL zone) causes some > > trouble due to a less than desirable design / implementation of RPZ in > > BIND. We have a plan to refactor the RPZ implementation for 9.12 to > > remove these inefficiencies. > > Can you share some details on that? Because I've reported issues triggered > by an XFR of a large RPZ, specifically the Spamhaus DBL, and I've been > variously pooh-poohed and/or told "no-one else has ever reported that".
That should not happen (the pooh-poohing). Please let me know the details of this. Every report is looked at esp. when it is accompanied by details (logs, config summary, technical description of the problem, etc.). > I'm particularly interested if you're aware of a failure mode where > CPU usage can spike MASSIVELY during a large-ish IXFR and cause named > to start dropping queries. I can't quantify "MASSIVELY" or "failure mode", but in general, yes there is a known regression in query and transfer performance specific to a configuration where RPZ is used and its policy zone is involved in an IXFR, during the transfer. (This problem was discovered a few months ago due to a customer's report.) Specifically, the Spamhaus DBL is one such zone which we have heard problem reports for. Please provide details of the problems you've faced, even if this is not related to RPZ. Mukund
Description: PGP signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list email@example.com https://lists.isc.org/mailman/listinfo/bind-users